OKX has attributed the recent exploit of some users’ accounts to identity theft, revealing that bad actors had obtained the users’ information using forged documents to steal funds. 

Last weekend, several OKX users shared on X that their accounts had been compromised and their assets drained. There was speculation about what caused the incident, with SlowMist noting that the hacker created new API keys for the users to withdraw the funds. The blockchain security firm also noted that the SMS risk notification came from Hong Kong.

OKX compensates impacted users

In a social media post today, OKX confirmed the incidents, noting that only a few victims were affected. The exchange added that the hackers accessed users’ information by presenting forged judicial documents. Thus, it appears the exchange erroneously disclosed sensitive user information to scammers, thinking it was complying with regulators or law enforcement. It added:

“It has been verified that someone forged judicial documents and obtained the information of a very few customers. The matter is under investigation by the judicial authorities, and we cannot disclose more specific details. We have optimized the judicial cooperation process, introduced a verification mechanism, and strengthened the security level of AI face recognition.”

The exchange also debunked claims that the exploit was caused by a vulnerability in its security system that allowed the hackers to turn off SMS verification or Google Authenticator. A blockchain security group, Dilation Effect, had suggested this was the reason based on their analysis. It claimed:

“Users bind Google Authenticator (GA) because GA has a higher security level. However, when OKX verifies sensitive user operations, such as adding whitelist addresses, withdrawing coins, and changing various verification item settings, it can directly switch to a low-security verification method, such as SMS.”

Meanwhile, the exchange added that it has compensated affected users. This aligns with its policy of compensating customers for losses due to internal faults. However, it added that its account security system remains safe, and it is optimizing its judicial cooperation process to prevent a reoccurrence.

Scammers are getting more sophisticated

This incident highlights the extent to which bad actors are willing to go. Notably, the exploit comes amid a rise in SIM-swap and phishing attacks. Recently, top crypto platforms reported that an email vendor was compromised in an exploit. As such, the emails of several users may be exposed to phishing scams.

Some users have also reported losing their assets after accidentally downloading malware to their computers. On-chain sleuth ZachXBT recently reported how a follower lost $245,000 through a social engineering scam.

Transaction Trail. (Source: ZachXBT)

The victim was contacted on X by a scammer pretending to be a16z partner Peter Lauten, who proposed starting a podcast partnership. The scammer directed them to download an app called Vortax for video calls, but the app turned out to be malware that drained their wallet.