
OKX DEX loses $430,000 in hack
The OKX decentralized exchange (DEX) was exploited for $430,000 following an alleged leak of the proxy server administrator’s private key.
SlowMist Security Alert: OKX DEX Proxy Admin Owner’s Private Key Suspected to be Leaked
According to information from SlowMist Zone, the OKX DEX contract appears to have encountered an issue. After SlowMist’s analysis, it was found that when users exchange, they authorize…
— SlowMist (@SlowMist_Team) December 13, 2023
According to PeckShield analysts, the amount of damage rose to approximately $2.76 million.
#PeckShieldAlert #OKX #DEX suffered a Private Key Leakage attack, resulting in ~$2.76M worth of cryptos being stolen.
Please *Revoke* your allowance if any, to https://t.co/uwzzJzNUHH pic.twitter.com/yOqAVR2HMR
— PeckShieldAlert (@PeckShieldAlert) December 13, 2023
According to SlowMist’s analysis, during an exchange on the platform users authorize the TokenApprove contract, which then transfers the user’s tokens.
The ClaimTokens function can be called by a trusted proxy server of the DEX. The servers are managed by administrators who can independently modify the smart contract.
On December 12, the owner of one of the servers updated it, enabling direct calls to ClaimTokens to transfer users’ tokens. The attacker exploited this vulnerability.
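The tokens exposed in a flow like this are the ones covered by allowances users granted to the approval contract, which is why PeckShield's advice is to revoke. The sketch below is an added example, not code from OKX, SlowMist or PeckShield: it replays ERC-20 `Approval` logs to list allowances still open to one spender. The addresses and log entries are constructed placeholders, and the log dictionaries assume the shape returned by an `eth_getLogs` JSON-RPC call.

```python
# ERC-20 event: Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, spender):
    """Map (token, owner) -> last non-zero amount approved to `spender`.

    This is an upper bound: transferFrom can spend a finite allowance down
    without a new Approval event, so confirm with allowance() before acting.
    """
    spender = spender.lower()
    latest = {}
    # Replay in chain order so a later revoke (value 0) overrides the grant.
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in ordered:
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # e.g. ERC-721 Approval shares the topic but has 4 topics
        if topic_to_address(topics[2]) != spender:
            continue
        latest[(log["address"].lower(), topic_to_address(topics[1]))] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}

def report(logs, spender):
    """Rows of (owner, token, amount) that still need a revoke, sorted by token."""
    found = sorted(outstanding_allowances(logs, spender).items())
    return [(o, t, "UNLIMITED" if v == UNLIMITED else str(v)) for (t, o), v in found]

# --- Constructed sample data (placeholder addresses, not from the incident) ---
def _log(token, owner, spender, value, block, index):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x"),
            "blockNumber": hex(block), "logIndex": hex(index)}

SPENDER, OTHER = "0x" + "5e" * 20, "0x" + "0f" * 20   # hypothetical approval contracts
TOKEN_A, TOKEN_B = "0x" + "a1" * 20, "0x" + "b2" * 20
ALICE, BOB = "0x" + "01" * 20, "0x" + "02" * 20
SAMPLE_LOGS = [
    _log(TOKEN_A, BOB, SPENDER, 0, 105, 3),            # Bob revokes later
    _log(TOKEN_A, ALICE, SPENDER, UNLIMITED, 100, 0),  # never revoked
    _log(TOKEN_A, BOB, SPENDER, 500, 101, 7),
    _log(TOKEN_B, ALICE, OTHER, 1000, 102, 1),         # different spender
    _log(TOKEN_B, ALICE, SPENDER, 250, 103, 2),
]

if __name__ == "__main__":
    for row in report(SAMPLE_LOGS, SPENDER):
        print(*row)
```

A revoke is an `approve(spender, 0)` call from the owner, which shows up here as a later `Approval` log with value 0 and drops the entry from the report.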
According to DeBank, the hacker’s address holds tokens worth $430,000.
Scopescan experts contacted OKX representatives, who stressed that the attack targeted an “old abandoned market-maker contract.” In their words, the exploit has been detected and stopped.
Users reported an exploit event on the #OKX DEX contract.
We have contacted them and got the following response:
“The old abandoned MM contract was attacked, and the attack has been located and stopped.
The losses of the users involved will be fully borne.”
Exploiters… https://t.co/psuz4WcjGl pic.twitter.com/GrKUdrnGVk
— Scopescan (@0xScopescan) December 13, 2023
Later, on the platform’s official X page, a statement was posted. The exchange said it revoked permissions for the attacked server.
We regret to inform you that a deprecated smart contract on OKX Dex has been compromised. We have taken immediate action to secure all user funds and revoke the contract permissions. We are working with relevant agencies to locate the stolen funds and will reimburse affected… pic.twitter.com/zDIjhb3ETz
— OKX Web3 (Wallet | DeFi | NFT) (@okxweb3) December 13, 2023
We are working with the relevant authorities to locate the stolen funds. We will reimburse the losses to those affected. An extensive review is currently underway to prevent similar incidents. We apologise for the inconvenience caused,
Earlier, Immunefi researchers calculated that since the start of 2023 the crypto industry has faced 296 hacking and fraud incidents, with losses from them surpassing $343 million.
Earlier, in November, a hacker withdrew assets worth $47 million from KyberSwap’s liquidity pool. Later he demanded full control over the project.