OKX DEX falls to exploit: What about your holdings?
The post OKX DEX falls to exploit: What about your holdings? appeared on BitcoinEthereumNews.com.
A private key compromise allowed the attacker to transfer unauthorized tokens.
OKX admitted to the exploit and said it would compensate victims.

Crypto funds worth more than $400,000 were stolen from OKX DEX, a decentralized exchange aggregator platform, according to blockchain security firm SlowMist.

Decoding the modus operandi

The exploit was ascribed to a compromise of the management rights of a market maker contract, which allowed the attacker to transfer tokens without the users' authorization.

OKX DEX, an offering by popular centralized exchange OKX [OKB], aggregates trading prices across all integrated third-party DEXes and recommends the best trading price to users.

When users want to send tokens, they must approve a TokenApprove contract, which allows the funds to be claimed by the receiver. After this, the claimTokens function of the contract is triggered, which completes the transfer.

However, in the late hours of the 12th of December, a manager of the contract maliciously altered its functionality. This was most likely caused by the leak of the account's private keys.

According to SlowMist, the new implementation bypassed the authorization step, enabling the attacker to directly execute the claimTokens function. As a result, the attacker was able to empty users' wallets of thousands of dollars.

SlowMist flagged the address of the suspected attacker along with the address receiving the proceeds of the hack.

OKX will compensate users

Responding to the claims, OKX admitted to the exploit and linked it with an abandoned DEX contract that was no longer in use. It added that the affected contracts have been deactivated.

The DEX estimated the hacked amount to be around $370,000 and assured affected users of compensation. As for the rest of the user assets, the exchange said that they were safe.

OKX stated that it would undertake a security…
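
To make the approval risk described under "Decoding the modus operandi" concrete, here is an added toy model (not code from the article, SlowMist or OKX). The allowlist check in `checked_claim`, the `upgrade` method and all account names are assumptions for illustration; the model shows that once the manager key swaps the logic, a user's exposure equals their outstanding allowance.

```python
# Toy model (constructed, not OKX's contract code): an ERC-20-style allowance
# and an approval contract whose logic the manager key can replace.
UNLIMITED = 2**256 - 1  # the "infinite approval" value wallets commonly set

class Token:
    def __init__(self, balances):
        self.balances, self.allowance = dict(balances), {}
    def approve(self, owner, spender, amount):
        self.allowance[(owner, spender)] = amount
    def transfer_from(self, spender, owner, to, amount):
        if self.allowance.get((owner, spender), 0) < amount:
            raise PermissionError("allowance exceeded")
        self.allowance[(owner, spender)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

def checked_claim(contract, caller):
    # Assumption: the original logic only lets an allowlisted router claim.
    return caller in contract.trusted_callers

def unchecked_claim(contract, caller):
    # Replacement logic with the authorization step removed.
    return True

class TokenApprove:
    NAME = "TokenApprove"  # the spender that users approve
    def __init__(self, manager, trusted_callers):
        self.manager, self.trusted_callers = manager, set(trusted_callers)
        self.impl = checked_claim
    def upgrade(self, caller, new_impl):
        # Whoever holds the manager key controls every approval ever granted.
        if caller != self.manager:
            raise PermissionError("not manager")
        self.impl = new_impl
    def claim_tokens(self, caller, token, owner, to, amount):
        if not self.impl(self, caller):
            raise PermissionError("caller not authorized")
        token.transfer_from(self.NAME, owner, to, amount)

def exposure(allowance, upgraded, balance=1000):
    """Tokens an unlisted caller can pull from a user with this allowance."""
    token = Token({"user": balance})
    token.approve("user", TokenApprove.NAME, allowance)
    contract = TokenApprove("manager-key", {"router"})
    if upgraded:
        contract.upgrade("manager-key", unchecked_claim)
    try:
        contract.claim_tokens("outsider", token, "user", "outsider",
                              min(allowance, balance))
    except PermissionError:
        pass
    return balance - token.balances["user"]
```

Comparing `exposure(UNLIMITED, True)` with `exposure(100, True)` and `exposure(0, True)` shows why bounded or revoked allowances limit the damage when a contract's management key leaks.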
Filed under: News - @ December 13, 2023 8:18 am