OKX cryptocurrency exchange and its security partner SlowMist are investigating a significant exploit that led to the theft of two user accounts.
The breach, occurring on June 9, involved an SMS attack, commonly referred to as a SIM swap, which was used to steal the accounts. Yu Xian, the founder of SlowMist, reported this incident on X (formerly Twitter).
"The SMS risk notification came from Hong Kong and a new API Key was created (with withdrawal and trading permissions, which is why we suspected a cross-trading intention before, but it seems that it can be ruled out now)."
While the exact amount stolen is unclear, Xian noted that "millions of dollars of assets were stolen."
SlowMist is still investigating the hacker wallet and the underlying incidents. It appears the vulnerability may not lie with the exchange's two-factor authentication (2FA) mechanisms.
Xian mentioned, "I haven't turned on a 2FA authenticator like Google Authenticator, but I'm not sure if this is the key point."
OKX's 2FA mechanism reportedly allowed the attackers to switch to a lower-security verification method, enabling them to whitelist withdrawal addresses via SMS verification, according to the Web3 security group Dilation Effect.
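
An added example (not code from OKX, SlowMist or Dilation Effect): a small audit-log check for the pattern described above, where a fund-moving action is verified with a weaker factor than the account has enrolled, or by SMS alone. The event fields, action names and factor ranking are assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass

# Relative factor strength: an assumption made for this example.
STRENGTH = {"sms": 1, "email": 1, "totp": 2, "passkey": 3}
# Hypothetical action names for operations that can move funds.
SENSITIVE = {"whitelist_address_add", "api_key_create"}

@dataclass(frozen=True)
class Event:
    account: str
    action: str
    factor: str               # factor that verified this action
    enrolled: tuple           # factors enrolled on the account
    permissions: tuple = ()   # only set for api_key_create

def review(event):
    """Return the list of findings for one audit event."""
    if event.action not in SENSITIVE:
        return []
    found = []
    strongest = max(event.enrolled, key=STRENGTH.__getitem__)
    if STRENGTH[event.factor] < STRENGTH[strongest]:
        found.append(f"downgrade: {event.factor} used although {strongest} is enrolled")
    if event.factor == "sms":
        if event.action == "whitelist_address_add":
            found.append("withdrawal address whitelisted on SMS verification alone")
        if "withdraw" in event.permissions:
            found.append("API key with withdraw permission created on SMS verification alone")
    return found

def scan(events):
    """Map account -> findings, omitting accounts with none."""
    report = {}
    for ev in events:
        hits = review(ev)
        if hits:
            report.setdefault(ev.account, []).extend(hits)
    return report

# Constructed sample events (not taken from the incident).
SAMPLE = [
    Event("acct-A", "login", "sms", ("sms", "totp")),
    Event("acct-A", "whitelist_address_add", "sms", ("sms", "totp")),
    Event("acct-B", "api_key_create", "sms", ("sms",), ("trade", "withdraw")),
    Event("acct-C", "whitelist_address_add", "totp", ("sms", "totp")),
    Event("acct-C", "api_key_create", "totp", ("sms", "totp"), ("trade",)),
]

if __name__ == "__main__":
    for account, hits in scan(SAMPLE).items():
        for hit in hits:
            print(account, "-", hit)
```
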
More sophisticated hackers have increasingly been bypassing 2FA methods.
For example, a Chinese trader lost $1 million at the beginning of June to a scam involving a promotional Google Chrome plugin called Aggr.
This plugin stole user cookies, which hackers used to bypass passwords and 2FA authentication.
Phishing attacks surged in June following a data breach at CoinGecko's third-party email management platform, GetResponse.
This breach led to 23,723 phishing emails being sent to victims. Phishing attacks typically aim to steal sensitive information like crypto wallet private keys.
Another form, known as address poisoning scams, tricks investors into sending funds to fraudulent addresses that closely resemble legitimate ones.
Private key and personal data leaks have become the primary causes of crypto-related hacks, as attackers target the easiest vulnerabilities.
According to Merkle Science's 2024 HackHub report, over 55% of hacked digital assets in 2023 were lost due to private key leaks.