OKX’s decentralized exchange (DEX) recently fell victim to an exploit, resulting in a significant loss of over $430,000. The incident came to light when an X wallet for OKX Web3 confirmed the compromise of a deprecated smart contract on the OKX DEX.
Although an official post-mortem analysis is pending, experts at SlowMist highlighted on an X post that the breach was possibly due to a leaked private key of the OKX DEX proxy admin owner. This security lapse allowed unauthorized access, enabling hackers to manipulate the protocol and modify its operations.
🚨SlowMist Security Alert: OKX DEX Proxy Admin Owner's Private Key Suspected to be Leaked🚨
According to information from SlowMist Zone, the OKX DEX contract appears to have encountered an issue. After SlowMist's analysis, it was found that when users exchange, they authorize…
— SlowMist (@SlowMist_Team) December 13, 2023
Once the exploit was initiated, attackers altered the DEX proxy contract’s functionality, initiating token theft from users who had previously granted permission for the protocol to interact with their wallets.
Preliminary assessments reveal that users collectively incurred losses exceeding $430,000 in cryptocurrency. Etherscan data reveals that the attacker’s address holds a stash including $70,000 worth of USDC, $70,000 worth of ELON, along with significant amounts in USDT, BTT, and other altcoins.
In response to the breach, the OKX Web3 team swiftly revoked the contract permissions and is actively collaborating with pertinent authorities to track and recover the stolen funds. Additionally, they have pledged to compensate affected users, committing to reimbursing them with $370,000.
OKX DEX, a non-custodial crypto exchange aggregator developed by the OKX crypto exchange, operates without intermediaries, offering users a platform to trade cryptocurrencies securely.
This exploit underscores the vulnerabilities present in decentralized exchanges and the critical need for robust security measures within the crypto space. As such incidents continue to raise concerns, the industry is prompted to reinforce protocols and enhance security mechanisms to safeguard user assets.