OKX Investigates Massive Account Thefts Following SIM Swap Frauds
OKX cryptocurrency exchange and its security partner, SlowMist, are currently investigating a multi-million dollar exploit that led to the theft of two user accounts.
The Theft via SIM Swap Attack
The investigation centers on the theft of two OKX exchange accounts on June 9 via an SMS attack, commonly known as a SIM swap. This was reported by SlowMist founder Yu Xian in a post on X.
“The SMS risk notification originated from Hong Kong, and a new API Key was created with withdrawal and trading permissions,” Xian explained. “Initially, we suspected a cross-trading intention, but that seems to have been ruled out now.”
Unclear Amounts, but Significant Losses
While the exact amount stolen remains unclear, Xian noted that “millions of dollars of assets were taken.” The issue did not primarily stem from the exchange’s two-factor authentication (2FA) mechanisms, according to SlowMist.
Ongoing Investigation
SlowMist is still investigating the hacker’s wallet and the incidents leading up to the attack. However, it appears that 2FA may not have been the main vulnerability.
SlowMist’s Insights on 2FA
In a June 9 post on X, Xian mentioned, “I haven’t enabled a 2FA authenticator like Google Authenticator, but I’m unsure if this is the crucial point.”
Cointelegraph has reached out to OKX and SlowMist for further comments.
Analysis by Dilation Effect
According to the Web3 security group Dilation Effect, OKX’s 2FA mechanism allowed attackers to switch to a low-security verification method, which enabled them to whitelist withdrawal addresses via SMS verification.
Rise in Sophisticated Hacking Methods
Recent trends show that more sophisticated hackers have been bypassing 2FA methods. Earlier in June, a Chinese trader lost $1 million to a scam involving a promotional Google Chrome plugin called Aggr. This plugin steals user cookies, allowing hackers to bypass passwords and 2FA.
Increase in Phishing Attacks
Phishing attacks have also surged in June. CoinGecko confirmed a data breach through its third-party email management platform, GetResponse, which resulted in 23,723 phishing emails being sent to victims.
Phishing attacks aim to steal sensitive information like crypto wallet private keys. Another type of phishing, known as address poisoning, deceives investors into sending funds to fraudulent addresses similar to those they have interacted with before.
Private Key Leaks: A Major Vulnerability
The leakage of private keys and personal data has become the leading cause of crypto-related hacks. Exploiters often target the easiest vulnerabilities. According to Merkle Science’s 2024 HackHub report, over 55% of hacked digital assets in 2023 were lost due to private key leaks.
FAQ
What happened at OKX?
OKX cryptocurrency exchange and its security partner, SlowMist, are investigating a multi-million dollar exploit that led to the theft of two user accounts through an SMS attack, also known as a SIM swap.