Popular cryptocurrency exchange OKX has seen over $630 million in outflows over the last seven days as mounting security concerns send users to the exits, with data suggesting they’re moving to leading cryptocurrency exchange Binance instead.

According to data from DeFiLlama, OKX has seen $633.8 million of outflows over the last 7-day period, while leading exchange Binance saw $1.36 billion of inflows over the same period. Other major competitors, including Bitfinex, Robinhood, Bybit, and Crypto.com all saw outflows, while HTX and KuCoin saw minor inflows of $19 million and $1.8 million respectively.

Users are moving their funds off of OKX, as BeinCrypto reported, after two different users saw their accounts get depleted with a “surprisingly similar” method by hackers who managed to breach victims’ two-factor authentication credentials through an SMS risk notification from “Hong Kong.”

According to a security expert on the microblogging platform X (formerly known as Twitter), the attackers then created a new API key, leading investigators to believe they then traded the funds for their own gain.

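Two different victims had their exchange accounts drained in the early hours of today, and the methods and some characteristics of the incidents are surprisingly similar. Besides the commonalities @AsAnEgg mentioned, they also include the SMS risk notification coming from "Hong Kong" and the creation of a new API Key (with withdrawal and trading permissions, which is also why cross-trading intent was suspected earlier; that now appears to be ruled out).… https://t.co/pqIjqLhmkB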

— Cos(余弦)😶‍🌫️ (@evilcos) June 9, 2024

Security researchers at Dilation Effect identified a critical weakness on the cryptocurrency exchange: users can switch from Google Authenticator, a more secure verification method, to less secure options like email or SMS authentication, which allowed the hackers to bypass users’ two-factor authentication.

Furthermore, OKX reportedly lacks crucial risk control measures. Unlike other exchanges, OKX doesn’t automatically implement a 24-hour withdrawal ban when users engage in sensitive activities like disabling 2FA or changing login credentials.

Additionally, withdrawals from whitelisted addresses lack dynamic verification based on withdrawal limits, potentially allowing attackers to exploit these loopholes. In response to these concerns, OKX has assured users that they are investigating the incidents and will bear the financial burden if the platform is found to be at fault, although the exchange has not yet addressed the specific security flaws identified by researchers.

⚠️ Essential Security Tips – Stay Safe! ⚠️ 🚨 Be skeptical of unsolicited offers: Do your own research. 🔐 Secure your wallet: Keep your seed phrase safe. 🔍 Verify profiles: Likes & comments from OKX ≠ endorsement

— OKX (@okx) June 11, 2024
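
The risk controls the researchers describe as missing (a check on switching to a weaker 2FA method, a 24-hour withdrawal hold after sensitive account changes, and limit-based verification for whitelisted withdrawals) can be sketched as a server-side policy check. This is an added example, not code from OKX or Dilation Effect; the account model, event names, factor ranking and the 1,000 USD limit are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Every name and threshold here is an assumption made for illustration.
FACTOR_STRENGTH = {"sms": 1, "email": 1, "totp": 2}  # totp = authenticator app
SENSITIVE = {"2fa_disabled", "2fa_downgraded", "password_changed", "api_key_created"}
HOLD = timedelta(hours=24)
WHITELIST_STEP_UP_LIMIT = 1_000  # constructed per-withdrawal limit, in USD

@dataclass
class Account:
    factor: str = "totp"
    whitelist: set = field(default_factory=set)
    events: list = field(default_factory=list)  # (timestamp, event name)

def change_factor(acct, new_factor, verified_with, now):
    """Permit a switch to a weaker factor only when proven with the current one."""
    downgrade = FACTOR_STRENGTH[new_factor] < FACTOR_STRENGTH[acct.factor]
    if downgrade and verified_with != acct.factor:
        return False  # an SMS or email code cannot authorise dropping the app
    acct.factor = new_factor
    acct.events.append((now, "2fa_downgraded" if downgrade else "2fa_changed"))
    return True

def withdrawal_decision(acct, address, amount_usd, now):
    """Return 'hold', 'step_up' or 'allow' for a withdrawal request."""
    if any(name in SENSITIVE and now - ts < HOLD for ts, name in acct.events):
        return "hold"  # sensitive change inside the last 24 hours
    if address not in acct.whitelist:
        return "step_up"
    if amount_usd > WHITELIST_STEP_UP_LIMIT:
        return "step_up"  # whitelisting alone does not cover large amounts
    return "allow"
```
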
