OKX Exchange has been hit by not just one, but multiple cases of users having all their assets stolen by hackers within 24 hours, with the official statement claiming a serious investigation is underway and the platform will take responsibility if it’s a result of a platform vulnerability.
Over the Dragon Boat Festival holiday, the crypto community was shocked by the cries of OKX users who had their accounts hacked within 15 minutes, resulting in their tokens being completely stolen, with a total value of nearly 5 million Chinese Yuan, quickly triggering fear, uncertainty, and doubt among many users.
On the 9th of this month, a Chinese community member named “Le Yan” posted on Twitter, lamenting how all his assets within OKX were stolen by hackers, including his lifelong savings worth nearly 5 million Chinese Yuan, equivalent to about 2.25 million New Taiwan Dollars.
The title of the post was quite sensational, aiming to draw attention from OKX officials for resolution. In the description of the incident, he mentioned, “Hackers were able to log into my OKX account without obtaining my verification code, and add whitelisted withdrawals.”
In the images he posted, it was visible that the verification code email for the OKX withdrawal was unopened, yet all the tokens in the account had been withdrawn. Users were highly skeptical, suspecting that a vulnerability in the OKX system allowed assets to be withdrawn without going through the verification code process.
Similar cases within 24 hours
Coincidentally, multiple similar cases of OKX users being hacked were reported within 24 hours. User “Dr. Hash” Wesley posted a video, claiming his friend’s account was hacked for 1 million U, garnering significant attention.
Another user, “One Braised Egg,” also mentioned a friend being hacked for 800,000 U, using a similar method:
OKX registered email bombarded with spam
Crazy buying of Ethereum at market price
Withdrawing Ethereum through mobile verification code
Multiple reports of hacking incidents not only caught the attention of OKX officials but also prompted preliminary analysis from Yu Xian, the founder of SlowMist, who noted that the methods used to steal coins from the victims were similar, including mobile SMS showing locations outside Hong Kong and the creation of new APIs for trading and withdrawals.
Yu Xian stated that this was a premeditated group operation.
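The reports above share a sequence: a flood of mail to the registered address, a new API key, a newly whitelisted withdrawal address, a market-price buy, then a withdrawal. The following is an added detection sketch, not code from OKX or SlowMist. The event-type names, the 15-minute look-back and the mail-flood threshold are assumptions, not a real audit-log schema.

```python
from collections import defaultdict

WINDOW = 15 * 60   # look-back in seconds (assumed value; tune per platform)
MAIL_FLOOD = 20    # inbound mails inside WINDOW treated as a flood (assumed)
# Hypothetical event types standing in for the platform's own audit events.
PRECURSORS = {"api_key_created", "whitelist_address_added", "market_buy"}

def flag_withdrawals(events, min_signals=2):
    """Return [(account, withdrawal_ts, sorted signals)] for withdrawals
    preceded by >= min_signals distinct precursor signals inside WINDOW."""
    by_account = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_account[ev["account"]].append(ev)

    alerts = []
    for account, evs in by_account.items():
        for i, ev in enumerate(evs):
            if ev["type"] != "withdrawal":
                continue
            # Only events that happened before this withdrawal and inside the window.
            recent = [p for p in evs[:i] if ev["ts"] - p["ts"] <= WINDOW]
            signals = {p["type"] for p in recent} & PRECURSORS
            mails = sum(1 for p in recent if p["type"] == "email_received")
            if mails >= MAIL_FLOOD:
                signals.add("mail_flood")
            if len(signals) >= min_signals:
                alerts.append((account, ev["ts"], sorted(signals)))
    return alerts

def sample_events():
    """Constructed events, not real data. acct-A follows the reported pattern;
    acct-B withdraws to an address it whitelisted a day earlier."""
    evs = [{"ts": 1000 + i, "account": "acct-A", "type": "email_received"}
           for i in range(30)]
    evs += [
        {"ts": 1100, "account": "acct-A", "type": "api_key_created"},
        {"ts": 1160, "account": "acct-A", "type": "whitelist_address_added"},
        {"ts": 1200, "account": "acct-A", "type": "market_buy"},
        {"ts": 1500, "account": "acct-A", "type": "withdrawal"},
        {"ts": 0, "account": "acct-B", "type": "whitelist_address_added"},
        {"ts": 89990, "account": "acct-B", "type": "email_received"},
        {"ts": 90000, "account": "acct-B", "type": "withdrawal"},
    ]
    return evs

if __name__ == "__main__":
    for alert in flag_withdrawals(sample_events()):
        print(alert)
```

A platform could hold a flagged withdrawal for out-of-band confirmation rather than relying on an email or SMS code alone.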
Official response: Will take responsibility if platform is at fault
According to the victims’ descriptions, OKX’s customer service did not respond properly at the time of the incident, leaving them frustrated and puzzled. In response to the overwhelming feedback from users, OKX officially responded on Twitter, stating that they will take responsibility if the issue is due to their own platform problems:
Just days ago, OKX accidentally burned over 10 million USD worth of BTC due to a wallet consolid