OKX, one of the leading cryptocurrency exchanges, has seen a staggering $204 million withdrawn within the last 24 hours and a total of $630 million in the past week. The sudden surge in outflows is attributed to a series of security lapses that have eroded user confidence.
Major Security Flaw Exposed
On June 9, two users of OKX suffered significant losses in a suspected SIM-swapping attack, highlighting a critical vulnerability in the exchange’s two-factor authentication (2FA) system. The accounts were compromised due to this flaw, allowing attackers to bypass security measures and steal funds.
Blockchain security firm SlowMist’s founder, Yu Xian, reported that the affected users received SMS risk notifications from Hong Kong just before a new API key was created for their account verification. Further investigations by security analysts at Dilation Effect revealed that OKX’s authentication system allowed users to switch from Google Authenticator (GA) to less secure methods during sensitive operations, bypassing GA verification.
Inadequate Risk Control Measures
One of the critical issues identified was that OKX’s security system did not trigger 24-hour withdrawal bans during sensitive operations, such as disabling GA verification or changing login passwords unless the login occurred from a new device.
Additionally, withdrawals to whitelisted addresses did not undergo dynamic verification based on the amounts withdrawn, unlike other exchanges that impose limits and require re-verification when limits are exceeded. This lack of stringent verification for sensitive operations has made the platform more vulnerable to attacks.
OKX’s Response and Investigation
In light of these security breaches, OKX has launched an investigation and reached out to the affected users. The exchange has also encouraged all its clients to enable two-factor authentication to enhance their account security. Despite these efforts, the damage to user trust has led to a significant wave of withdrawals as customers seek safer alternatives.
OKX’s recent struggles underline the critical importance of robust security measures in cryptocurrency exchanges, especially as the industry continues to grow and attract more users.
Discussion about this post