In a recent incident, the OKX decentralized exchange (DEX) was exploited, resulting in the theft of funds from wallets that had granted authorization to the platform.
🚨SlowMist Security Alert: OKX DEX Proxy Admin Owner's Private Key Suspected to be Leaked🚨
— SlowMist (@SlowMist_Team) December 13, 2023
According to information from SlowMist Zone, the OKX DEX contract appears to have encountered an issue. After SlowMist's analysis, it was found that when users exchange, they authorize…
Unlike recent attacks that primarily targeted vulnerabilities within smart contracts, this incident involved the unauthorized acquisition of credentials required to access the exchange’s wallets—repositories where funds are held in escrow pending transaction finalization.
The attacker took a range of tokens from 20 different sources. Many of these tokens are not well known and see little use, even though some people talk about them.
Out of a total of about $424,000, a good amount is in tokens like ELON, SHIB, and KEK. The attacker took a huge number of PEPE and KEK tokens, but despite the massive quantity, their total value is less than $20,000.
The attacker also took a decent amount of more commonly used tokens. Over 70k USDC and just over $20k in USDT and wETH, respectively, were stolen in the attack.
Fortunately, the breach was comparatively unsophisticated, which allowed the development team to quickly regain control of the platform’s compromised elements. OKX has officially confirmed its commitment to compensating all users adversely affected by the breach.
According to Wu Blockchain, OKX has confirmed that all users affected by the hack will be compensated in short order.
OKX stated that due to the hack of the management rights of an abandoned OKX DEX market maker contract, 18 address assets authorized for the contract were hacked. The affected contracts have been deactivated and all user assets have been confirmed to be safe. All affected users…
— Wu Blockchain (@WuBlockchain) December 13, 2023
The successful breach of a well-established decentralized exchange surprised the crypto community, and the prompt resolution of the incident has also drawn attention. Some community members have questioned the degree of decentralization claimed by OKX developers, pointing to the swift intervention as evidence to the contrary.
Nevertheless, a built-in killswitch is a prudent precaution for any platform. If the developers’ access to the platform, limited though it may be, enables them to deactivate compromised wallets, allegations of impropriety may be unwarranted given how quickly the attack was terminated.