
OKX Details Hacks and Promises Compensation
Following a series of breaches, representatives from the cryptocurrency exchange OKX revealed that a hacker “forged court documents” to obtain personal information from “a very limited number” of users.
Statement on the recent security incidents affecting individual customer accounts
1. All users involved in this incident have already been, or will shortly be, fully compensated;
2. This incident has nothing to do with the choice between Google Authenticator and SMS verification, but #OKX does recommend that users who are able to do so use Google Authenticator;
3.…— OKX中文 (@okxchinese) June 12, 2024
“All users involved in the incident have been or will be compensated appropriately. […] The OKX account protection system has been operational for over 10 years. We are fully confident in its security, but we will continue to adhere to the principle of compensating losses caused by our fault,” the statement read.
Earlier, an analysis by Dilation Effect identified potential weaknesses in the exchange’s account-security mechanism. According to the analysis, the system allowed a user’s Google Authenticator (TOTP) 2FA to be replaced with weaker checks (SMS codes, address whitelisting, etc.), which in effect bypasses the stronger factor.
However, OKX refuted this claim. According to their statement, the breach “has nothing to do with Google Authenticator or SMS verification.”
The case is already under investigation by judicial authorities, so the company is not disclosing specific details.
“We have optimized the judicial cooperation process, implemented a verification mechanism, and enhanced the level of facial recognition security using AI. In the future, we will introduce an expiration mechanism for verified addresses in the address book to prevent similar incidents,” OKX emphasized.
Fate of the Affected
On June 9, the security firm SlowMist reported suspected compromises of OKX accounts. Two Japanese users were affected, and the attacks were similar in execution.
Two different victims had their exchange accounts drained in the early hours of today, and the methods and some characteristics were surprisingly similar. Besides the common features mentioned by @AsAnEgg, these include the SMS risk notification coming from “Hong Kong” and the creation of a new API key (with withdrawal and trading permissions, which is why wash-trading intent was suspected earlier; that now appears to be ruled out).… https://t.co/pqIjqLhmkB
— Cos(余弦) (@evilcos) June 9, 2024
“In addition to the common features mentioned by [another hacked user known as] AsAnEgg, the SMS risk notification came from Hong Kong, and a new API key was created (with withdrawal and trading permissions, which is why we previously suspected cross-trading intent),” the researchers noted.
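The two weaknesses discussed above (a 2FA change that steps down from TOTP to SMS, and whitelisted withdrawal addresses that never expire) and the indicators SlowMist lists (a risk notification from an unexpected region followed by a new API key with withdrawal permission) can be modelled in a few dozen lines. The following Python is an added illustration written for this article, not OKX’s or SlowMist’s code; the factor ranking, the 30-day whitelist lifetime, the one-hour correlation window, the account ids and the event log are all constructed assumptions.

```python
"""Toy account-security policy and detector for the indicators described in the
article. Added example; all accounts and events below are constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed ranking of second factors; only SMS and TOTP are modelled here.
FACTOR_RANK = {"sms": 1, "totp": 2}
WHITELIST_TTL = timedelta(days=30)      # assumed lifetime of a verified address
SUSPICIOUS_WINDOW = timedelta(hours=1)  # assumed correlation window for detection


@dataclass
class Account:
    second_factor: str
    home_region: str
    whitelist: dict = field(default_factory=dict)  # address -> datetime verified


def change_second_factor(acct, new_factor, proved_current_factor):
    """Apply a 2FA change unless it is a downgrade the current factor did not approve.

    Switching from TOTP to SMS must itself require a valid TOTP code; otherwise the
    weaker factor becomes the effective security of the account.
    """
    downgrade = FACTOR_RANK[new_factor] < FACTOR_RANK[acct.second_factor]
    if downgrade and not proved_current_factor:
        return False
    acct.second_factor = new_factor
    return True


def withdrawal_address_allowed(acct, address, now):
    """A whitelisted address stays usable only while its verification is fresh."""
    verified_at = acct.whitelist.get(address)
    return verified_at is not None and now - verified_at <= WHITELIST_TTL


def flag_accounts(events, accounts):
    """Return account ids where an API key with withdraw permission was created within
    SUSPICIOUS_WINDOW after a risk notification from outside the account's home region.

    events: iterable of (iso_timestamp, account_id, kind, details) tuples.
    """
    last_foreign_alert = {}
    flagged = []
    for ts_str, acct_id, kind, details in sorted(events, key=lambda e: e[0]):
        ts = datetime.fromisoformat(ts_str)
        if kind == "risk_sms" and details["region"] != accounts[acct_id].home_region:
            last_foreign_alert[acct_id] = ts
        elif kind == "api_key_created" and "withdraw" in details["perms"]:
            alert = last_foreign_alert.get(acct_id)
            if alert is not None and ts - alert <= SUSPICIOUS_WINDOW and acct_id not in flagged:
                flagged.append(acct_id)
    return flagged


# Constructed sample data (hypothetical accounts and log lines, not real OKX records).
ACCOUNTS = {
    "user_jp_1": Account("totp", "JP"),
    "user_jp_2": Account("totp", "JP"),
}
EVENTS = [
    ("2024-06-09T02:10:00", "user_jp_1", "risk_sms", {"region": "HK"}),
    ("2024-06-09T02:14:00", "user_jp_1", "api_key_created", {"perms": ["trade", "withdraw"]}),
    ("2024-06-09T02:30:00", "user_jp_1", "withdrawal", {"asset": "ETH"}),
    ("2024-06-09T09:00:00", "user_jp_2", "risk_sms", {"region": "JP"}),
    ("2024-06-09T09:05:00", "user_jp_2", "api_key_created", {"perms": ["read", "trade"]}),
]


def demo():
    """Run the three checks on the constructed data and return their results."""
    acct = Account("totp", "JP")
    silent_downgrade = change_second_factor(acct, "sms", proved_current_factor=False)
    acct.whitelist["0xabc"] = datetime(2024, 5, 1)          # verified 39 days earlier
    stale_ok = withdrawal_address_allowed(acct, "0xabc", datetime(2024, 6, 9))
    return silent_downgrade, stale_ok, flag_accounts(EVENTS, ACCOUNTS)


if __name__ == "__main__":
    print(demo())
```

Running the script flags only `user_jp_1`, whose withdraw-capable API key was created four minutes after a risk SMS from Hong Kong; the second user’s key has no withdrawal permission and the alert came from the home region. The downgrade attempt without a TOTP proof is refused, and the month-old whitelist entry is rejected, which is the behaviour the expiry mechanism OKX describes would give.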
Addresses of wallets associated with the hacker are currently being tracked by SlowMist, but the team is not disclosing additional information to avoid hindering the ongoing investigation.
Analysts have asked other potential victims of the perpetrators to contact them. Earlier, journalist Colin Wu also reported on an OKX client who lost over $2 million through AI.
On June 11, the operational manager of market maker QuantMatter, known as Crypto LaLa, fell victim to hackers. She reported that the hacker withdrew assets worth $11 million from her main and sub-account.
“The hacker gained full access to my account. He converted assets to ETH and withdrew all funds in 25 minutes. I noticed this in one of my sub-accounts. When I checked the main account, all the money had already been stolen,” wrote Crypto LaLa.
As with other incidents, the latest known victim of the perpetrators did not receive alerts from the security system. Information about compensation for the QuantMatter employee has not yet been provided.
Back on June 3, it was revealed that a hacker had gained control of a Chinese trader’s account on Binance without having the password or access to two-factor authentication. After a series of transactions, he withdrew assets worth $1 million.
Representatives of the exchange placed all the blame on the user and a malicious Chrome browser plugin called AggrTrade.