Two OKX user accounts hacked as SMS notification security compromised


Cryptocurrency exchange OKX saw two of its user accounts hacked on June 9. The attack allegedly transpired due to the SMS notification security of the platform being compromised.

According to security firm SlowMist, two different victims lost access to their accounts to the attackers. Both incidents saw SMS risk notifications originating from “Hong Kong.”

OKX accounts compromised

While this is a security feature, the attacker allegedly managed to exploit it. Using this approach, the attacker created altered API keys with permissions to withdraw and trade.

The exact intricacies of the attack have yet to be publicized by the security specialist as it is waiting for the victim’s consent.

SlowMist suspects that the attack was premeditated and carried out by a gang. The security firm’s tracking arm, MistTrack, is monitoring the hacker wallet addresses involved.

At the time of publication, the amount of funds lost has not yet been revealed.

Analysts at SlowMist initially speculated that the attack was a cross-trading attempt.

A similar incident saw a Chinese trader lose $1 million. The hacker had gained access to the trader’s web browser cookie data via a malicious Chrome plugin dubbed Aggr.

The cookies were used to hijack the trader’s active user sessions without the need for a password or authentication.

After this, the attacker used cross-trading to make profits, as the funds from the victim’s account could not be withdrawn directly due to the two-factor authentication in place.

However, SlowMist has dismissed this theory for the OKX exploits.

In this scenario, two-factor authentication (2FA) tools like Google Authenticator were not enabled by the affected users. The cybersecurity firm is unsure if this allowed the attackers to breach the accounts.

OKX to take responsibility

Meanwhile, OKX has acknowledged the exploits. The firm has vowed to take full responsibility for the attack if evidence suggests it was due to their security failing.

The platform is currently investigating the matter.

This has been a bad week for OKX in terms of security hiccups. Last week, another customer of the exchange lost $2 million worth of crypto assets in a separate exploit.

Attackers used user data breached in a Telegram data leak to gain access to the victim’s OKX account.

Subsequently, they employed an AI-generated deepfake video of the victim to change the security features of his account, including his phone number and even his Google Authenticator.

That’s not all. Prior to this attack, OKX DEX, a decentralised exchange (DEX) and cross-chain bridge aggregator, lost $430,000.

SlowMist reported that the OKX DEX proxy admin owner’s private key had allegedly leaked. The hackers modified the protocol using this access and managed to steal funds from all users who interacted with the malicious protocol.

The post Two OKX user accounts hacked as SMS notification security compromised appeared first on Invezz
