TLDR
- OKX users fell victim to a SIM swap attack that led to the theft of an undisclosed sum of funds from their accounts on June 9, 2024.
- The attackers sent fake SMS notifications appearing to be from OKX, tricking the victims into creating new API keys with withdrawal and trading permissions.
- This attack follows a previous deepfake incident on OKX where cybercriminals used AI videos to bypass the exchange’s security measures.
- As a result of these security breaches, OKX has seen an outflow of $837 million in the past week, with $204 million withdrawn in the last 24 hours alone.
- While OKX investigates the attacks, Binance and other major exchanges like KuCoin and Gate.io have seen significant inflows during the same period.
Cryptocurrency exchange OKX has been rocked by a security breach that led to the theft of funds from at least two users’ accounts.
The incident, which occurred on June 9, 2024, involved a sophisticated SIM swap attack where hackers tricked the victims into creating new API keys with withdrawal and trading permissions.
According to Yu Xian, the founder of blockchain security firm SlowMist, the attackers sent fake SMS notifications that appeared to be from OKX and originated from Hong Kong.
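Two different victims had coins stolen from their exchange accounts in the early hours of today, and the methods and some of the characteristics turn out to be similar. Besides the commonalities mentioned by @AsAnEgg, they also include the SMS risk notification coming from "Hong Kong" and the creation of a new API Key (with withdrawal and trading permissions, which is also why a cross-trading intent was suspected earlier; for now it looks like that can be ruled out).… https://t.co/pqIjqLhmkB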
— Cos(余弦)😶🌫️ (@evilcos) June 9, 2024
These fraudulent messages prompted the users to take actions that ultimately gave the hackers control over their accounts.
This latest breach follows a previous incident last week where cybercriminals used deepfake AI videos to bypass OKX’s security measures, further highlighting the exchange’s ongoing struggles with maintaining a secure platform.
In response to the SIM swap attack, OKX released a statement acknowledging the situation and assuring users that an investigation is underway.
The exchange also promised to compensate affected users if the platform is found responsible for the breach.
The impact of these security incidents has been substantial, with OKX experiencing a significant outflow of funds.
Data from DefiLlama shows that users have withdrawn approximately $204 million from the exchange in the past 24 hours and $633 million over the past week, totaling an alarming $837 million.
While OKX grapples with these challenges, its competitors have seen substantial inflows during the same period. Binance, the leading global crypto exchange, has recorded a net inflow of $1.364 billion over the past seven days.
Other exchanges like HTX (formerly Huobi Global), KuCoin, and Gate.io have also experienced inflows of $19.36 million, $1.82 million, and $50.83 million, respectively.
As the investigation into the OKX breach continues, blockchain investigators have put forth different theories about the potential cause of the attacks.
Yu Xian from SlowMist suggests that the hackers exploited a loophole in OKX’s two-factor authentication (2FA) system, using a sophisticated SIM-swap technique to get past the platform’s security measures.