OKX exchange has been in the community for 24 hours, not only one user was hacked and stole all assets, the official said they are seriously investigating, and will take active responsibility if it is a platform vulnerability.
(Background:
OKX lost big》Collate wallet burned 254 BTC transaction fees (17.6 million euros), suspected problem with aggregation program..
)
(Background:
OKX Web3 wallet was robbed, the victim cried and lost 50,000 U: What is the security vulnerability?
)
During the Dragon Boat Festival holiday, the cryptocurrency community exploded with OKX users wailing in distress. Their accounts were hacked and all tokens stored in the accounts were looted, with a total value of nearly 5 million Chinese yuan, quickly stirring up FUD mentality among many users.
On the 9th of this month, a Chinese community netizen “Le Yan” posted on Twitter X platform a post titled “Taken away in 15 minutes, why did the hacker enter Okex exchange to plunder user assets as if in no man’s land”, claiming that all his assets in OKX were stolen by hackers, his life savings were inside, valued at nearly 5 million Chinese yuan, about 22.5 million New Taiwan dollars.
The title posted by the user was quite sensational, trying to attract the attention of OKX officials for handling. In the part describing the incident, he said, “Hackers can log into my OKX exchange account without obtaining my verification code, and add whitelist withdrawals.”
In the picture he posted, it can be seen that the verification code email for OKX withdrawals has not been opened, but all tokens in the account have been withdrawn. Netizens are very skeptical, suggesting that there is a loophole in the OKX system that allows assets to be withdrawn bypassing the verification code process.
Similar cases erupted within 24 hours
Coincidentally, similar cases of OKX users being hacked were reported within 24 hours. Netizen Dr.Hash “Wesley” posted a video, claiming that his group friend was robbed of 1 million U, attracting a lot of attention.
Another netizen, “One braised egg,” also mentioned a friend being robbed of 800,000 U, using a similar method:
OKX registered mailbox bombarded with spam
Crazy buying of Ethereum at market price
Withdrawing Ethereum via mobile verification code
Multiple cases of theft have been circulating, not only attracting the attention of OKX officials, but also prompting preliminary analysis by SlowMist founder Yu Xian, who said that the methods used to steal coins from the two victims were surprisingly similar, including mobile SMS showing locations outside of Hong Kong, and creating a new API for trading and withdrawals.
Yu Xian said this was a premeditated group crime.
Official response: Will take responsibility if it is a platform issue
Due to the victims’ descriptions, OKX’s customer service did not respond properly at the time of the incident, leaving them feeling frustrated and puzzled. OKX responded officially on Twitter after receiving a lot of attention from netizens, stating that if it is an issue with their platform, they will actively take responsibility for handling:
Within a few days, OKX reported a loss of over $10 million in BTC due to burning BTC in the wallet due to aggregation program and transferring them.
Further reading:
OKX lost big》Collate wallet burned 254 BTC transaction fees (17.6 million euros), suspected problem with aggregation program..
Another user hacked, suspected platform vulnerability, causing a lot of concern in the community, and Dapp.com recommends that if users are worried about the tokens and assets stored in exchanges, they can withdraw them to a secure wallet in advance and deposit them back after the incident is resolved without worry.
Related reports
How to prevent mobile phones from being hacked? The US security agency recommends “rebooti