OKX Secretly Reimburses Victims of Account Hijacking

By Chimamanda U. Martha

In addition to compensating the victims, OKX has improved its security measures to prevent similar incidents in the future.

Leading cryptocurrency exchange OKX has discreetly reimbursed two users who lost funds to hackers in a SIM-swap attack on June 9, 2024. The accounts were compromised through the hijacking of SMS and email credentials, which led to unauthorized access and subsequent theft.

The hackers sent a risk notification SMS to both users while concealing the actual origin of the message, and then created a new API key as part of the account authentication process, automatically gaining access to the accounts.

OKX Adds Additional Layer of Security

OKX announced that it was investigating the issue and had involved law enforcement to track the hackers and uncover their identities.

However, as of now, the company has not provided any public updates on the progress of the investigation. Instead, OKX has quietly refunded both victims without making a public announcement.

In addition to compensating the victims, OKX has improved its security measures to prevent similar incidents in the future. The exchange has introduced a mandatory Google Authenticator for all accounts on the platform.

This additional layer of security is expected to provide more robust protection against such vulnerabilities.

Security Flaws Identified

When the incident happened over the weekend, blockchain security group Dilation Effect (DE) identified a flaw in OKX’s security system. The group stated in a post on X that the exchange allowed users to switch from two-factor authentication (2FA) to ‘lower security verification methods,’ such as SMS verification, during sensitive user operations. These operations include withdrawals, whitelisting addresses, changing login passwords, and disabling 2FA verification.

DE discovered that these actions did not initiate a 24-hour withdrawal ban on the exchange. This oversight allowed bad actors to withdraw funds from compromised accounts without triggering any suspicion, as the ban only activates when users log into a new device.

However, with the implementation of Google Authenticator, cybercriminals will face greater difficulty exploiting accounts on the platform. Users will now be required to input a six-digit code from their authenticator app to verify their actions, an additional layer of security that significantly reduces the risk of unauthorized access.
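The two controls that the Dilation Effect finding points to can be sketched as a server-side policy check. This is an added example, not OKX's code: the factor ranking, the operation names, the `Account` class and the `authorize` function are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed ranking for this example: an authenticator-app code outranks SMS or email codes.
FACTOR_STRENGTH = {"sms": 1, "email": 1, "totp": 2}
# Sensitive operations named in the article.
SENSITIVE_OPS = {"withdraw", "whitelist_address", "change_password", "disable_2fa"}
# Assumption: security-setting changes start the hold, not only a new-device login.
HOLD_TRIGGERS = {"whitelist_address", "change_password", "disable_2fa", "new_device_login"}
WITHDRAWAL_HOLD = timedelta(hours=24)


@dataclass
class Account:
    enrolled_factors: set
    hold_until: Optional[datetime] = None


def authorize(account, operation, factor_used, now):
    """Return (allowed, reason) for an operation verified with factor_used."""
    if factor_used not in account.enrolled_factors:
        return False, "factor not enrolled"
    if operation in SENSITIVE_OPS:
        strongest = max(FACTOR_STRENGTH[f] for f in account.enrolled_factors)
        # Refuse a step-down to a weaker factor than the strongest one enrolled.
        if FACTOR_STRENGTH[factor_used] < strongest:
            return False, "factor downgrade refused"
    if operation == "withdraw" and account.hold_until and now < account.hold_until:
        return False, "withdrawal hold active"
    if operation in HOLD_TRIGGERS:
        account.hold_until = now + WITHDRAWAL_HOLD
    return True, "ok"


def demo():
    """Constructed scenario: one account with both SMS and TOTP enrolled."""
    t0 = datetime(2024, 6, 9, 12, 0, tzinfo=timezone.utc)
    acct = Account(enrolled_factors={"sms", "totp"})
    return [
        authorize(acct, "withdraw", "sms", t0),                        # downgrade attempt
        authorize(acct, "change_password", "totp", t0),                # starts the hold
        authorize(acct, "withdraw", "totp", t0 + timedelta(hours=1)),  # inside the hold
        authorize(acct, "withdraw", "totp", t0 + timedelta(hours=25)), # hold expired
    ]


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```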

Not the First

Meanwhile, OKX is not the only exchange to suffer a SIM-swap attack in the crypto industry. Bankrupt crypto exchange FTX was a victim of a SIM-swap attack back in 2022 during a brief liquidity crisis. Hackers managed to steal around $400 million from the platform.

Even the United States Securities and Exchange Commission (SEC) experienced a SIM-swap attack earlier this year in January. Hackers gained control of the agency’s account on X and made a fake post announcing that the financial watchdog had approved the first Bitcoin exchange-traded funds (ETFs) in the country.

The SEC later regained access to the account and confirmed that “an unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack”. Influential figures in the industry, such as Ethereum co-founder Vitalik Buterin, have also suffered SIM-swap attacks.

In September 2023, Buterin was logged out of his X account, and the attackers used his platform to promote a crypto scam, enticing victims with offers of free digital collectibles.
