Date: 2025-05-03

Key Notes

Tron DAO has shared a post-event analysis of the hack on its X account.

The protocol wants OKX to help freeze funds belonging to the community.

Cross-exchange support marks a major avenue to beat hacker exploitation in the industry.

For a moment, TRON DAO’s X page was under siege by a hacker who leveraged unauthorized access to publish a post with a contract address. Consequently, TRON founder Justin Sun urged cryptocurrency exchange OKX to freeze funds believed to be linked to the exploit.

Hacker Gets Busy Within TRON DAO Ecosystem

In the early hours of May 3, TRON DAO, which is affiliated with the Tron Foundation, acknowledged that its X account was compromised the previous day. Once in, the hacker made a post containing a contract address.

We’re aware that our X account was compromised from 9:25 AM PST on May 2, 2025. During this time, an unauthorized party published a post containing a contract address (CA), sent direct messages (DMs), and followed various accounts unknown to us. Please be reminded: TRON DAO will… — TRON DAO (@trondao) May 3, 2025

The hacker also sent direct messages to several accounts and followed some other X profiles. TRON DAO said that none of these actions were taken with its permission.

“TRON DAO will never post contract addresses or send unsolicited DMs. If you received a DM from our account on May 2, please delete it and consider it the work of the attacker,” the protocol clarified.

TRON DAO confirmed that the compromise was traced to a member of its team. It said, “a member of our team was targeted in a malicious social engineering attack, which led to their account being compromised.”

According to the DAO, logging out the perpetrator and restoring TRON’s access were not sufficient to stop the damage initiated by the hacker. The hackers were still able to contact others, offering posts from the TRON DAO main account in exchange for payment. Some funds were allegedly stolen while the hackers were in control of the X account.

Justin Sun Requests OKX to Freeze Funds

In a plot twist, the hacker transferred the siphoned funds to a wallet linked with OKX, per a post from Justin Sun. As a result, he asked the exchange to intervene to ensure that the assets were not moved further and to help with the investigation.

In response, OKX CEO Star Xu told Sun that his firm has a Public Law Enforcement Cooperation policy.

This is a list of guidelines and procedures that require law enforcement agencies to collaborate with other organizations. With it, they could share information with the public, government agencies, and non-governmental organizations.

Xu shared the link to the reporting channels where TRON DAO can drop evidence of the incident.

Dear Mr H.E. Justin Sun, OKX has public LE cooperation policy. You can offer some preliminary evidence of the incident through the public reporting channels(https://t.co/PBAP28camy), we will do a temporary urgent freeze according to the evidence. Then you should work with LE… https://t.co/hpAQiyF7SJ — Star (@star_okx) May 3, 2025

He also assured TRON’s founder that a temporary freeze would be made, but that it would be based on the evidence provided. If the attacked protocol plans to extend the freeze, it is required to provide legal documents to OKX. This is part of the exchange’s consumer protection policy.

Crypto Firms Support Each Other During Hacks

While OKX has spelled out its policy, it is worth noting that Sun’s request to the crypto exchange is nothing new in the broader market.

Crypto exchanges do not consider it a ‘big deal’ to request assistance from their counterparts whenever they are attacked or breached. Decentralized trading platform KiloEx was recently attacked, causing users to lose $7.5 million.

Not long after, Binance announced it had successfully recovered $6.1 million of the stolen funds. The recovered funds were equivalent to 90% of the total stolen assets.

Binance CEO Richard Teng stated that the exchange’s security team acted swiftly when the KiloEx exploit was detected and reported. The effort was supported by additional collaborations to investigate the incident.

