Private Key Leak Triggers $2.7 Million Exploit on OKX Platform
OKX has promised to cover losses of those affected by the breach.
The hack has highlighted the potential vulnerability of decentralised platforms despite their user control advantages.
OKX, a decentralised exchange (DEX), renowned for facilitating low-fee, high-liquidity asset swaps, has been hacked to the tune of USD $2.7 million (AUD $4.05 million). The breach was revealed on December 13th by blockchain security team SlowMist, who took to X (formerly Twitter) to announce the news.
SlowMist Security Alert: OKX DEX Proxy Admin Owner’s Private Key Suspected to be Leaked
According to information from SlowMist Zone, the OKX DEX contract appears to have encountered an issue. After SlowMist’s analysis, it was found that when users exchange, they authorize…
— SlowMist (@SlowMist_Team) December 13, 2023
Proxy Admin Owner Private Keys Stolen
The exploit of the OKX smart contract allegedly began with the leak of the “Proxy Admin Owner’s” private keys. Now with access to the contract, the hacker quickly upgraded the capabilities of the DEX Proxy Admin. Significantly, they enabled the “claimTokens” function, which essentially allows the contract owner to approve token swaps that would otherwise be declined.
As OKX scrambled to retain control of the smart contract, the hacker upgraded the contract once again a few hours later to re-enable the claimTokens ability. A wide range of cryptocurrencies, including USDC, USDT, SHIBA INU and more, were stolen from the OKX liquidity pools across 31 independent transactions into the same wallet (now referred to as OKX Exploiter 2).
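The sequence described above (an unexpected upgrade, then a second one a few hours later) is something a defender can alert on from event logs. The following is an added example, not code from OKX or SlowMist: it flags proxy upgrades to implementations outside an approved set and marks a repeat within a block window. It assumes the proxy emits the EIP-1967 Upgraded(address) event, which the article does not confirm; all addresses, block numbers and helper names are constructed.

```python
from dataclasses import dataclass

# keccak256("Upgraded(address)"): emitted by EIP-1967 proxies on an implementation change.
# Assumption: the monitored proxy follows EIP-1967; the article does not name the pattern.
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

@dataclass
class Alert:
    block: int
    implementation: str
    repeat: bool  # True: another unapproved upgrade soon after an earlier one

def topic_to_address(topic):
    # An indexed address is left-padded to 32 bytes; keep the low 20 bytes.
    return "0x" + topic[-40:].lower()

def review_upgrades(logs, proxy, approved, window_blocks):
    """Flag upgrades of `proxy` to implementations outside the `approved` set."""
    approved = {a.lower() for a in approved}
    alerts, last_alert = [], None
    for log in sorted(logs, key=lambda entry: int(entry["blockNumber"], 16)):
        topics = [t.lower() for t in log["topics"]]
        if log["address"].lower() != proxy.lower():
            continue  # some other contract
        if len(topics) < 2 or topics[0] != UPGRADED_TOPIC:
            continue  # not an upgrade event
        block, impl = int(log["blockNumber"], 16), topic_to_address(topics[1])
        if impl in approved:
            continue  # reviewed release or rollback
        repeat = last_alert is not None and block - last_alert <= window_blocks
        alerts.append(Alert(block, impl, repeat))
        last_alert = block
    return alerts

# Constructed sample data in eth_getLogs shape; every address is a placeholder.
PROXY, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20
GOOD, ROGUE_1, ROGUE_2 = "0x" + "11" * 20, "0x" + "66" * 20, "0x" + "77" * 20

def upgraded(contract, impl, block):
    return {"address": contract, "blockNumber": hex(block),
            "topics": [UPGRADED_TOPIC, "0x" + "0" * 24 + impl[2:]]}

SAMPLE_LOGS = [
    upgraded(PROXY, ROGUE_1, 100),   # first unapproved upgrade
    upgraded(PROXY, GOOD, 150),      # defenders roll back
    upgraded(PROXY, ROGUE_2, 300),   # key still compromised: upgraded again
    upgraded(OTHER, ROGUE_1, 120),   # unrelated proxy, ignored
    {"address": PROXY, "blockNumber": hex(130), "topics": ["0x" + "00" * 32]},
]

if __name__ == "__main__":
    for alert in review_upgrades(SAMPLE_LOGS, PROXY, {GOOD}, window_blocks=1000):
        print(alert)
```

A repeat alert after a rollback means the admin key is still usable by whoever performed the first upgrade, so reverting the implementation alone does not end the incident.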
OKX To Fully Reimburse Victims
OKX was quick to stem the bleeding before things got out of hand, but the million-dollar loss of funds is nothing to sneeze at. However, the exchange plans to remedy the situation by fully reimbursing those affected by the compromise.
The old abandoned MM contract was attacked, and the attack has been located and stopped. The losses of the users involved will be fully borne.
It’s worth noting that at the time of writing the message, OKX only believed the exploit size to be approximately USD $391K (AUD $586K). That number has since ballooned to over two million, so whether the DEX remains true to its word will make for an interesting watch. OKX does have several insurance funds in place for mass liquidation events, so it is likely they were at least somewhat prepared for an event of this scale.
The hack is a sobering reminder that decentralised platforms aren’t necessarily safer than their centralised counterparts. While DEXs offer superior control over one’s own cryptocurrencies, most major hacks and exploits actually occur on the DeFi side of things – not on major centralised exchanges (CEXs).
People say they want decentralization, so builders give them DEXs.
Just because it’s decentralized, folks think we won’t lose our assets. No you are wrong, you can still get hacked, and today’s unfort episode with OKX DEX is a reminder of “be careful of what you wish for”.
— Eugene Ng (I’m Hiring) (@Eug_Ng) December 13, 2023
The post Private Key Leak Triggers $2.7 Million Exploit on OKX Platform appeared first on Crypto News Australia.
Filed under: Bitcoin - @ December 14, 2023 3:19 am