The post OKX Takes Action After Multi-Million Dollar Security Breach appeared first on Coinpedia Fintech News

Cryptocurrency exchange OKX, with the help of its security partner SlowMist, is studying a large-scale security incident in which unauthorised persons stole two users’ accounts through an SMS attack or phishing on June 9. 

Initially discovered by the SlowMist founder, the leak entailed generating a new API key with the privileges of taking and trading. However, the amount that was embezzled is thought to be in the millions. 

两个不同的受害者,今天凌晨遭遇的交易所账号被盗币事件的手法及一些特征居然是相似的,除了 @AsAnEgg 提到的共性,还包括短信风险通知来自“香港”这个特征、创建了新的 API Key(有提现、交易权限,这也是为什么之前怀疑有对敲意图,目前看来可以排除了)。… https://t.co/pqIjqLhmkB

— Cos(余弦) (@evilcos) June 9, 2024

Still, SlowMist and other analysts stated earlier that OKX’s two-factor authentication (2FA) was not the primary weakness. A Web3 security group Dilation Effect disassembling the attack found that hackers used the lower-security verification routine to whitelist withdrawal addresses via an SMS option.

OKX Founder Addresses Recent Million-Dollar Breach

OKX founder has recently addressed the crypto community concerning the recent security breaches, stating that all incidents have been fixed. He noted that the incidents were not connected with the Google Authenticator or SMS verification option, though OKX advises using Google Authenticator for increased security. 

关于近期个别客户账户出现安全事件的情况说明 1. 所有此事件的有关用户都已经/马上得到圆满解决; 2. 此事件与谷歌验证器或短信验证的选择无关,但是 #OKX 确实推荐有能力的用户使用谷歌验证器; 3.…

— OKX中文 (@okxchinese) June 12, 2024

The security system has been working on the platform for more than 10 years and is still reliable, and OKX still compensates customers for losses caused by the company’s security failures. 

One of the major components of the breach was fake judicial documents being used to obtain information on a few customers. OKX handles the judicial cooperation issue well, a verification mechanism has been put in place, and AI face recognition security has improved. 

New mechanisms are also to be incorporated regarding the expiration of authentication addresses to avoid such occurrences. After these strategies had been implemented, there was no record of other users losing their accounts to theft or the leakage of their information. 

The company is improving its protection infrastructure, for instance, by improving advanced face recognition methods and AI and other better verification systems. To unlock the loss, OKX assured users that their funds were safe and affirmed the company’s commitment to avoiding such calamities in the future to retain customers in the unpredictability of the cryptocurrency market.