Centralized exchange OKX came under scrutiny last weekend after reports that user funds had been stolen by hackers, sparking widespread discussion in the community. Security experts believe the thefts have revealed issues with OKX’s security settings. Additionally, possibly because of the hacking incident, many users discovered unfamiliar addresses in OKX’s USDT withdrawal whitelist, causing panic in the community. In response, OKX CEO Xu Mingxing made a rare Chinese-language statement on social media.
Security experts: Issues with OKX security settings
Suspected unauthorized addresses added to whitelist
OKX CEO: OKX address book function needs improvement
Reports of stolen funds at centralized exchange OKX were frequent last weekend, with several netizens posting on X that funds they held on the exchange had been stolen by hackers, causing anxiety among many OKX users.
According to a report by Dapao yesterday (10), multiple hacking incidents with similar methods were reported in the community. A netizen named “Le Yan,” who claimed to have lost 2.25 million NTD due to hacking, stated: “Coincidentally, netizen Dr. Hash ‘Wesley’ also posted a video, claiming that a friend in his group had 1 million USDT stolen. Another netizen, a braised egg, also mentioned a friend who had 800,000 USDT stolen, all using SMS and email verification codes to transfer the funds.”
As the incident continued to unfold, OKX officials also responded, stating that if it was an issue with their platform, they would take the initiative to address it:
In this context, security research institution Dilation Effect published a post yesterday analyzing OKX’s user security settings and identified the following issues:
– Even when a user has bound Google Authenticator, the verification flow allows switching to a lower-security method, bypassing Google authentication.
– Sensitive operations by users, such as turning off phone verification, turning off Google Authenticator, or changing the login password, do not trigger the 24-hour withdrawal restriction risk control.
– Withdrawals to whitelisted addresses have no dynamic verification based on the amount withdrawn. Once an address is added to the whitelist, funds can be withdrawn to it without limit up to the withdrawal limit, unlike other exchanges that set limits and require re-verification if they are exceeded.
Furthermore, Dilation Effect also reminded users to bind Google Authenticator to their accounts, as email and SMS verification are susceptible to hacker attacks.
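The three gaps listed above correspond to three checks in a withdrawal policy. The sketch below is an added example, not code from OKX or Dilation Effect; the factor ranking, the 10,000 USDT step-up threshold and all names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Assumed values for illustration; not taken from OKX or any real exchange.
FACTOR_STRENGTH = {"sms": 1, "email": 1, "totp": 2}  # totp = authenticator app
SECURITY_CHANGE_HOLD = timedelta(hours=24)
STEP_UP_THRESHOLD_USDT = 10_000  # rolling 24h total that forces re-verification


@dataclass
class Account:
    enrolled_factors: set
    whitelist: set
    last_security_change: Optional[datetime] = None  # 2FA/phone/password change
    withdrawals: list = field(default_factory=list)  # (timestamp, amount)


def evaluate_withdrawal(acct, address, amount, presented_factors, now,
                        fresh_step_up=False):
    """Return (allowed, reason) for one withdrawal request."""
    # 1. No downgrade: a factor as strong as the strongest enrolled one is required.
    required = max(FACTOR_STRENGTH[f] for f in acct.enrolled_factors)
    usable = set(presented_factors) & acct.enrolled_factors
    if not any(FACTOR_STRENGTH[f] >= required for f in usable):
        return False, "strongest enrolled factor required; no downgrade"
    # 2. Sensitive setting changes start a 24-hour withdrawal hold.
    if (acct.last_security_change is not None
            and now - acct.last_security_change < SECURITY_CHANGE_HOLD):
        return False, "24h hold after security settings change"
    # 3. Whitelisted addresses still need re-verification above the threshold.
    if address not in acct.whitelist:
        return False, "address not whitelisted"
    recent = sum(a for t, a in acct.withdrawals if now - t < timedelta(hours=24))
    if recent + amount > STEP_UP_THRESHOLD_USDT and not fresh_step_up:
        return False, "step-up verification required above threshold"
    acct.withdrawals.append((now, amount))
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample account and requests.
    now = datetime(2024, 6, 10, 12, 0)
    acct = Account({"sms", "email", "totp"}, {"addr_constructed_1"})
    print(evaluate_withdrawal(acct, "addr_constructed_1", 500, {"sms", "email"}, now))
    print(evaluate_withdrawal(acct, "addr_constructed_1", 500, {"totp"}, now))
```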
On the other hand, renowned security expert 0xAA posted early this morning, stating that many users discovered unfamiliar addresses in the USDT withdrawal whitelist of their OKX accounts:
With the storm over the OKX hacking incident still ongoing, many users are concerned about the security of the assets in their accounts. Any security concern could trigger panic among users, so 0xAA also urged OKX officials to provide an explanation promptly.
In response to 0xAA’s inquiries, OKX officials replied on social media, stating that newly added non-certified addresses would appear at the top, making it impossible for the unfamiliar address to be a new addition.
Subsequently, 0xAA clarified the rumors in a post and recommended that OKX update its address book to avoid user misunderstandings:
Moreover, regarding the rumors about the address book, OKX CEO Xu Mingxing also made a rare response in Chinese on social media, acknowledging that the OKX address book function indeed needs improvement and once again promised that if user losses are caused by OKX’s own issues, OKX will take full responsibility.