Singapore market maker QuantMatter reported that funds in its OKX account were hacked on May 30, resulting in a loss of over $11 million. Its director, Crypto LaLa, claimed that no email notifications or two-factor authentication were triggered during the incident. In response, OKX CEO Xu Mingxing stated that internal records indicate that withdrawals underwent dual verification and urged QuantMatter to cooperate with the investigation.
OKX has faced a series of account security issues recently, causing concerns among users about the platform’s safety. The official response from OKX on the 12th indicated that user issues related to these security incidents have been resolved or are in the process of being resolved. However, a new incident involving a loss of over $11 million due to hacking has garnered widespread attention in the community today.
On the 11th, Crypto LaLa, director of Singapore market maker QuantMatter, posted on X stating that on May 30, hackers added multiple whitelist addresses within 25 minutes and converted all the funds in her OKX account into BTC, ETH, USDC, and USDT, transferring them to on-chain addresses. This resulted in a loss of over $11 million for her company, with the hacked funds yet to be moved.
Crypto LaLa claimed that no email notifications or two-factor authentication were triggered during the fund transfer, making her feel incredulous. She asserted that the loss was not due to a Google browser extension issue but a hacking of her OKX account. She expressed anger:
According to a report from “Wu Blockchain,” unlike previous cases, QuantMatter’s account had an offline Google authenticator installed, and withdrawals required dual authentication through email and Google authenticator, a security measure managed jointly by the founder and partners.
Despite this, the funds were stolen over ten days ago and to date, the market maker, security agencies, and OKX have been unable to ascertain the specific cause of the theft. The market maker has reported the incident to the authorities in Singapore and contacted over five security agencies for investigation.
Regarding this security incident, OKX CEO Xu Mingxing stated that the account had no similarities with other cases and occurred at a completely different time. While the investigation is ongoing, he confirmed that:
At the same time, Xu Mingxing mentioned that QuantMatter has not yet cooperated with the investigation, urging the organization to collaborate in a thorough investigation of the case. OKX executive Haiteng also responded by saying:
Haiteng further added: “Only binding email and offline GA, withdrawals and whitelist cannot bypass offline GA. We hope the other party can communicate with us more and find out the reasons together.”
In theory, offline GA verification should provide higher security safeguards, and the exact cause of the hack, responsibility attribution, and further confirmation are still pending. We will continue to follow up on this for you.