• OKX users who were recently affected by a hack received full compensation from OKX.

• The exchange decides to add mandatory Google Authenticator to avoid similar incidents.

• SlowMist reported earlier that the accounts were compromised by a SIM-swapping attack.

The two OKX users who were recently hacked have received full compensation from OKX. Chinese crypto journalist Colin Wu reported on the two user accounts, which were hacked through SMS and email hijacking.

Exclusive: Two users whose OKX accounts were stolen have received full compensation from OKX. The suspected cause was the hijacking of their SMS and email. OKX has decided to add mandatory Google Authenticator in the future to avoid similar incidents from happening again. https://t.co/MmRSLXohBt

— Wu Blockchain (@WuBlockchain) June 12, 2024

On June 9, 2024, Yu Xian, founder of blockchain security firm SlowMist, reported a major exploit in the OKX ecosystem that resulted in the loss of funds for two OKX users. The users’ accounts were reportedly compromised in a SIM-swapping attack due to a vulnerability in the platform’s two-factor authentication (2FA) security system.

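Two different victims had coins stolen from their exchange accounts in the early hours of today, and the methods and some characteristics of the two incidents turn out to be similar. Besides the commonalities mentioned by @AsAnEgg, these include the SMS risk notification coming from “Hong Kong” and the creation of a new API Key (with withdrawal and trading permissions, which is also why a cross-trading intent was suspected earlier; that can now apparently be ruled out).… https://t.co/pqIjqLhmkB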

— Cos(余弦)😶‍🌫️ (@evilcos) June 9, 2024

Xian elaborated on the hackers’ potential strategies and the critical details identified by the tracker. He stated:

“The SMS risk notification came from ‘Hong Kong’ and a new API Key was created… The premeditated gang committed the crime in a concentrated manner.”

Security analytics platform Dilation Effect further investigated the matter and identified a vulnerability in OKX’s authentication system, finding that OKX allows lower-security verification methods during sensitive operations.

In response to the hack, OKX initiated a probe and contacted the affected users, promising compensation if OKX was found responsible for the losses. The platform stated:

“We attach great importance to the ‘exchange user assets stolen’ situation reported online today… If it is finally determined that the platform is responsible, the platform will take the initiative to bear it. In addition, we will announce the results as soon as the relevant investigation is completed.”

As per Colin Wu’s post, OKX has fulfilled its promise. Additionally, the platform has decided to implement mandatory Google Authenticator to prevent any such mishaps in the future.

The post OKX Hacked: Victims Reimbursed, 2FA Security Beefed Up appeared first on Coin Edition.