EddieJayonCrypto

 11 Jun 24

tl;dr

OKX exchange has experienced over $633 million in outflows in the last seven days, with $205 million in outflows in the past 24 hours. Concerns about security vulnerabilities, including email and SIM authentication, have led to these outflows. There have been reports of users losing holdings to a ha...

OKX exchange has seen upwards of $633 million in outflows over the last seven days. It comes on the back of security concerns amid rumors that the platform is porous due to email and SIM authentication. The platform says the matters are being investigated and would take responsibility if results prove the fault is in-house.

OKX trading platform has recorded over $633 million in outflows in the last seven days. In the past 24 hours, outflows have reached $205 million, bringing the month-to-date numbers to $340 million, DefiLlama data shows. Based on the centralized exchanges' tabulation, OKX is leading in outflows. This comes after concerns that the exchange’s security loopholes saw some users lose their holdings to a hacker.

The report reveals that the victims received an SMS risk notification from “Hong Kong.” The attacker then created a new API key with withdrawal and trading permissions, leading investigators to suspect intentions of cross-trading. Web3 security enthusiasts from Dilation Effect analyzed the attacks on OKX, examining the platform’s user security settings. The findings were quite surprising, according to the team.

Although users bind their accounts to Google Authenticator (GA), they can switch the verification to a lower-security method like email or SMS, allowing attackers to bypass GA verification. There is no trigger for the risk control measure of a 24-hour currency withdrawal ban, even during sensitive user operations like turning off mobile phones or GA verification and changing the login or password. The risk control measure triggers only when the same account logs in on a new device. There is no dynamic verification based on the withdrawal limit for withdrawals from whitelisted addresses. This means users withdraw money without verification within the withdrawal limit once the address is allowed.

As investigators probe the attacks on OKX user assets, the exchange assures customers it will take responsibility and bear the loss if they find the platform at fault.

Disclaimer

The opinions expressed by the writers at Grow My Bag are their own and do not reflect the official stance of Grow My Bag. The content provided on our site is not intended as investment advice, and Grow My Bag is not an investment advisor. We do not endorse buying or selling any cryptocurrencies or digital assets mentioned in our articles. High-risk investments in Bitcoin, cryptocurrencies, and digital assets require thorough due diligence, and all transfers and trades made are at your own risk. Grow My Bag is not responsible for any potential losses and participates in affiliate marketing.
 22 Nov 24
 22 Nov 24
 22 Nov 24