OKX Users Lose Funds in SMS Security Hack
By Olivier Acuña | TH3FUS3 Chief Editor
June 10, 2024 08:02 AM
Reading time: 1 minute, 47 seconds
TL;DR Crypto exchange OKX faces scrutiny after users report significant thefts through SMS security breaches. SlowMist highlights similar attacks and urges caution. OKX pledges full responsibility if found at fault.
Rising Crypto Theft Incidents
The total number of crypto theft incidents has been rising once again. Hackers are adopting innovative methods to siphon off user funds. In the latest development, crypto exchange users OKX reported significant theft while breaching the platform's SMS notification security.
On Sunday morning, SlowMist reported that two victims had their OKX exchange accounts stolen using surprisingly similar methods and features.
SlowMist said both incidents involved SMS risk notifications originating from 'Hong Kong' and creating new API keys with withdrawal and trading permissions. Initially suspected to be cross-trading attempts, this theory has since been ruled out. Last week, a Binance user faced similar theft, losing over $1 million in crypto due to a cross-trading plugin.
Organized Attacks
A premeditated gang carried out the attacks in a concentrated manner. SlowMist's tracking team, MistTrack, is actively monitoring the hacker wallet addresses involved in both incidents and will continue to provide updates. However, specific details of the incidents will not be disclosed without the victims' consent.
Security Measures and Recommendations
The victims did not enable 2FA authentication tools like Google Authenticator. It remains uncertain if this is the critical factor in the breaches. SlowMist advises against panic, suggesting that a more significant impact would likely result in more exaggerated related events.
OKX's Response
OKX, a leading cryptocurrency exchange, has responded to reports of stolen user assets circulating online today. The exchange has contacted the affected users and is actively investigating the incidents.
"If the platform is found responsible, it will take full responsibility for the losses," said OKX in a statement.
The exchange has promised to announce the investigation results as soon as they are available. It urged users to remain patient and refrain from unnecessary speculation.
Binance Attack Similarities
During the Binance attack, the crypto hacker employed a sophisticated method to manipulate his account and evade detection. By holding his web cookies hostage, the hacker executed large trades in the USDT trading pair, which has high liquidity.
Additionally, the hacker placed limited sell orders at inflated prices in pairs with scarce liquidity. This strategy enabled the hacker to profit significantly without triggering any security alerts from Binance.