• OKX users who were recently affected by a hack have received full compensation from OKX.

• The exchange has decided to make Google Authenticator mandatory to avoid similar incidents.

• SlowMist reported earlier that the accounts were compromised by a SIM-swapping attack.

The two OKX users who were recently hacked have received full compensation from OKX. Chinese crypto journalist Colin Wu reported on the two user accounts, which were hacked through SMS and email hijacking.

Exclusive: Two users whose OKX accounts were stolen have received full compensation from OKX. The suspected cause was the hijacking of their SMS and email. OKX has decided to add mandatory Google Authenticator in the future to avoid similar incidents from happening again. https://t.co/MmRSLXohBt

— Wu Blockchain (@WuBlockchain) June 12, 2024

On June 9, 2024, Yu Xian, founder of blockchain security firm SlowMist, reported a major exploit in the OKX ecosystem that resulted in the loss of funds for two OKX users. The users’ accounts were reportedly compromised in a SIM-swapping attack due to a vulnerability in the platform’s two-factor authentication (2FA) security system.

Two different victims: the methods and some of the characteristics of the exchange account coin-theft incidents they suffered in the early hours of today turn out to be similar. Besides the commonalities mentioned by @AsAnEgg, they also include the characteristic that the SMS risk notification came from “Hong Kong”, and that a new API Key was created (with withdrawal and trading permissions, which is also why cross-trading intent was suspected earlier; for now it looks like that can be ruled out). https://t.co/pqIjqLhmkB

— Cos(余弦)😶‍🌫️ (@evilcos) June 9, 2024

Xian elaborated on the hackers’ potential strategies and the critical details identified by the tracker, stating:

“The SMS risk notification came from ‘Hong Kong’ and a new API Key was created
The premeditated gang committed the crime in a concentrated manner.”

Security analytics platform Dilation Effect further investigated the matter and identified a vulnerability in OKX’s authentication system, finding that OKX allows lower-security verification methods during sensitive operations.
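The weakness described above, falling back to a weaker factor during a sensitive operation, can be expressed as a policy check plus an audit rule. This is an added illustration, not OKX's code; the factor names, operation names and event format are assumptions.

```python
# Added illustration; not OKX code. Factor and operation names are hypothetical.
HIJACKABLE = frozenset({"sms", "email"})   # obtainable via SIM swap / mailbox takeover
SENSITIVE = frozenset({"withdraw", "create_api_key", "change_2fa"})

def acceptable_factors(enrolled, operation, allow_downgrade):
    """Factors that may satisfy step-up verification for this operation."""
    enrolled = frozenset(enrolled)
    if operation not in SENSITIVE or allow_downgrade:
        return enrolled                      # weak policy: any enrolled factor will do
    return enrolled - HIJACKABLE             # hardened: authenticator-class factors only

def authorize(enrolled, operation, verified, allow_downgrade=False):
    """True if at least one verified factor is acceptable for the operation."""
    ok = acceptable_factors(enrolled, operation, allow_downgrade)
    return bool(ok & frozenset(verified))

def downgraded_events(events):
    """Audit rule: sensitive operations approved with only hijackable factors
    although the account had a stronger factor enrolled."""
    hits = []
    for e in events:
        enrolled, used = frozenset(e["enrolled"]), frozenset(e["verified"])
        if (e["op"] in SENSITIVE and used and used <= HIJACKABLE
                and enrolled - HIJACKABLE):
            hits.append(e["id"])
    return hits

# Constructed sample events (not real log data).
EVENTS = [
    {"id": 1, "op": "withdraw", "enrolled": ["totp", "sms", "email"], "verified": ["totp"]},
    {"id": 2, "op": "create_api_key", "enrolled": ["totp", "sms", "email"],
     "verified": ["sms", "email"]},
    {"id": 3, "op": "view_balance", "enrolled": ["totp", "sms"], "verified": ["sms"]},
    {"id": 4, "op": "withdraw", "enrolled": ["sms", "email"], "verified": ["sms"]},
]

if __name__ == "__main__":
    acct = ["totp", "sms", "email"]
    stolen = ["sms", "email"]                # what SMS and email hijacking yields
    print(authorize(acct, "create_api_key", stolen, allow_downgrade=True))  # weak policy
    print(authorize(acct, "create_api_key", stolen))                         # hardened
    print(downgraded_events(EVENTS))
```

Under the hardened policy an account with only SMS and email enrolled cannot perform a sensitive operation at all, which is the effect of making an authenticator app mandatory.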

In response to the hack, OKX initiated a probe and contacted the affected users, promising compensation if OKX was found responsible for the losses. The platform stated:

“We attach great importance to the ‘exchange user assets stolen’ situation reported online today
If it is finally determined that the platform is responsible, the platform will take the initiative to bear it. In addition, we will announce the results as soon as the relevant investigation is completed.”

As per Colin Wu’s post, OKX has fulfilled its promise. Additionally, the platform has decided to implement mandatory Google Authenticator to prevent any such mishaps in the future.

The post OKX Hacked: Victims Reimbursed, 2FA Security Beefed Up appeared first on Coin Edition.