After a series of hacks, representatives of the OKX crypto exchange said that the hacker "forged court documents" to obtain personal information from a "very limited number" of users.
Statement on the recent security incidents affecting individual customer accounts
1. All users affected by this incident have already been, or will immediately be, fully compensated;
2. This incident has nothing to do with the choice between Google Authenticator and SMS verification, but #OKX does recommend that users who are able to do so use Google Authenticator;
3.…
"All users involved in the incident have been reimbursed/will be reimbursed properly. [...] The OKX account protection system has been in operation for more than a decade. We are fully confident in its security, but we will continue to adhere to the principle of compensation for losses caused by our fault," the publication says.
Earlier, an analysis by Dilation Effect revealed potential weaknesses in the exchange's security mechanism. The study showed that the system allowed Google Authenticator 2FA to be bypassed by downgrading to checks with a lower level of security (SMS verification, adding an address to the whitelist, etc.).
However, OKX refuted this assumption. According to the appeal, the hack "has nothing to do with Google Authenticator or SMS verification."
The case is already being investigated by the judicial authorities, so the company does not disclose specific details.
"We have optimized the judicial cooperation process, implemented a verification mechanism and enhanced the security level of facial recognition using AI. In the future, we will introduce an expiration mechanism for verified addresses in the address book to prevent the recurrence of such incidents," OKX stressed.
The fate of the victims
On June 9, the analytical company SlowMist reported suspicious hacks of OKX accounts. The attacks affected two Japanese users and were similar in execution.
Two different victims, and the methods and some characteristics of the exchange account theft they suffered in the early hours of this morning are actually similar. Besides the common features mentioned by @AsAnEgg, they also include the SMS risk notification coming from "Hong Kong" and the creation of a new API Key (with withdrawal and trading permissions, which is why wash trading was suspected earlier; that now appears to be ruled out). … https://t.co/pqIjqLhmkB
— Cos(余弦)😶🌫️ (@evilcos) June 9, 2024
"In addition to the common features mentioned by [another hacked user under the nickname] AsAnEgg, the SMS risk notification came from Hong Kong, and a new API key was created (with withdrawal and trading permissions, so we previously suspected the intention of cross-trading)," the researchers noted.
The addresses of the wallets associated with the hacker are now being tracked by SlowMist, but the team has not yet disclosed additional information so as not to interfere with an active investigation.
Analysts have asked other possible victims of the attackers to contact them. Earlier, journalist Colin Wu also reported on an OKX client who was robbed of more than $2 million using AI.
On June 11, the operations manager of the market maker QuantMatter, known by the nickname Crypto LaLa, became a victim of the hackers. She said that the hacker had withdrawn $11 million worth of assets from her main account and a sub-account.
Data: X.
"The hacker got full access to my account. He converted assets into ETH and withdrew all funds in 25 minutes. I noticed this in one of my subaccounts. When I checked the main account, all the money had already been stolen," Crypto LaLa wrote.
As in the other incidents, the latest known victim of the attackers did not receive any alerts from the security system. No information on compensation for the QuantMatter employee has been received yet.
Recall that on June 3, it became known that a hacker had gained control of a Chinese trader's Binance account without having the password or access to two-factor authentication. After a number of transactions, he withdrew assets worth $1 million.
Representatives of the exchange shifted all the blame to the user himself and a malicious plug-in for the Chrome browser called Aggtrade.