Several OKX accounts emptied by hackers

Some users of the OKX crypto exchange have fallen victim to a hack, resulting in the theft of funds from their accounts. OKX confirmed the news, reassuring that the hack had only affected a small number of users. The exchange also promised full compensation for victims.

OKX users victims of fund theft

Despite the technical and regulatory efforts of recent years, crypto exchanges are not immune to cyber-attacks. According to the security company Blockchain SlowMist, some crypto exchange accounts OKX accounts were emptied following a hack. The number of accounts affected and the total amount of funds stolen have not been revealed. However, the company claims to have the addresses of the hackers’ wallets.

Although the victims are different, the attacks on their accounts have certain similarities. SlowMist notes in particular that on each occasion, users received risk notification SMS messages from Hong Kong for account verification.

Security flaws at OKX

The Web3 security group Dilation Effect conducted surveys to find out the reasons for the hacks found on OKX. After analyzing OKX security parameters, the security group has pointed to the responsibility of the exchange. For Dilation Effect, the hackers simply took advantage of security loopholes on the platform, specifically the verification Google Authentication.

Indeed, users can disable Google Authentication or phone verification on OKX without triggering a 24-hour opt-out system. Although this measure improves the user experience, it exposes users to hacks. Given the vulnerability of e-mail and SMS, Dilation Effect recommends that users always link their accounts to Google Authentication.

OKX confirms theft of funds, but denies responsibility

Reacting to the news, the crypto exchange OKX confirmed on X that the theft of funds only affected very few customers. OKX, however, categorically refuted accusations of security failures on its part. For more than 10 years, OKX’s customer account security system has been effective, claims the exchange.

For OKX, it wasn’t a Google Authentication or SMS problem. Instead, the hacker falsified some customers’ legal documents to obtain their personal information. He then used this information to log into their accounts and empty them. A judicial investigation is already underway.

In addition to compensating all victims of this attack, OKX has strengthened security measures on its platform. The exchange claims to have introduced a new verification mechanism and strengthened the security level of AI facial recognition. The aim is to avoid similar incidents in the future, OKX also considers introducing an expiration mechanism for authenticated addresses in the address book.

This incident is yet another reminder that exchange security systems are certainly advanced, but still perfectible. It’s a reminder that the funds you keep on a crypto exchange are highly exposed to hacks, and at times to mismanagement. It’s always a good idea to opt for a cold wallet like D’cent which gives you total control over your assets. We can’t stress this enough: not your keys, not your coins!