Centralized exchange OKX was hit last weekend by reports of user funds being stolen, triggering widespread discussion in the community. Security agencies believe the incident has exposed problems with OKX’s security settings. In addition, possibly as a result of the hacking incident, many users found unfamiliar addresses in their USDT withdrawal whitelist on OKX, causing panic in the community. In response, OKX CEO Xu Mingxing took the unusual step of replying in Chinese on the community platform.
Over the weekend there were repeated reports of funds being stolen from centralized exchange OKX, with multiple netizens posting on the community platform X that funds they held on the OKX exchange had been stolen by hackers, causing unease among many OKX users.
According to a report by Dong Qu on the 10th, multiple similar hacking incidents surfaced in the community, including a netizen, “Le Yan”, who claimed to have lost 2.25 million NTD to hackers, stating:
Coincidentally, netizen Dr.Hash “Wesley” also posted a video, claiming that a member of his group was robbed of 1 million USDT. Another netizen, “One Lu Dan”, also mentioned a friend being robbed of 800,000 USDT. In all of these cases, mobile SMS and email verification codes were used to transfer the funds.
As the situation continued to escalate, OKX responded officially, stating that if the problem lay with its platform, it would take the initiative to handle it:
Against this backdrop, security research agency Dilation Effect posted yesterday, stating that they conducted a quick analysis of OKX’s user security settings and found the following issues:
Even when a user has bound Google Authenticator, the verification flow allows switching to a lower-security verification method, bypassing Google Authenticator.
Sensitive operations, such as turning off mobile verification, turning off Google Authenticator, and changing the login password, do not trigger the 24-hour withdrawal restriction.
Whitelisted withdrawal addresses are not subject to dynamic verification based on withdrawal amount. Once an address is on the whitelist, withdrawals to it can continue without further verification as long as they stay within the withdrawal limit, unlike other exchanges, which set thresholds and require re-verification once they are exceeded.
Dilation Effect also reminded users to bind Google Authenticator to their accounts, as email and SMS verification are vulnerable to hacker attacks.
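The three gaps Dilation Effect lists can be read as three checks missing from a withdrawal authorization path. The Python below is an added example, not code from OKX or from Dilation Effect; the factor ranking, the 10,000 USDT re-verification threshold, the rolling window and all names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Assumed values, constructed for illustration (not from OKX or the report).
FACTOR_STRENGTH = {"sms": 1, "email": 1, "totp": 2}   # totp = Google Authenticator
HOLD_AFTER_CHANGE = timedelta(hours=24)               # lock after a security change
WINDOW = timedelta(hours=24)                          # rolling window per address
REVERIFY_ABOVE = 10_000                               # USDT per window, hypothetical

@dataclass
class Account:
    bound_factors: set
    whitelist: set
    last_security_change: Optional[datetime] = None
    history: list = field(default_factory=list)       # (time, address, amount)

def record_security_change(acct: Account, now: datetime) -> None:
    """Call when 2FA is turned off, the phone is unbound or the password changes."""
    acct.last_security_change = now

def authorize_withdrawal(acct, address, amount, presented, now, reverified=False):
    """Return (allowed, reason) for one withdrawal request."""
    # 1. No step-down: the strongest factor the user has bound must be presented.
    needed = max((FACTOR_STRENGTH[f] for f in acct.bound_factors), default=0)
    usable = [f for f in presented if f in acct.bound_factors]
    if not any(FACTOR_STRENGTH[f] >= needed for f in usable):
        return False, "strongest bound factor required"
    # 2. A recent sensitive change freezes withdrawals for 24 hours.
    changed = acct.last_security_change
    if changed is not None and now - changed < HOLD_AFTER_CHANGE:
        return False, "withdrawals held after security change"
    # 3. Whitelisting alone is not enough: the cumulative amount sent to one
    #    address inside the window is capped until the user re-verifies.
    if address not in acct.whitelist:
        return False, "address not whitelisted"
    recent = sum(a for t, addr, a in acct.history
                 if addr == address and now - t < WINDOW)
    if recent + amount > REVERIFY_ABOVE and not reverified:
        return False, "re-verification required above threshold"
    acct.history.append((now, address, amount))
    return True, "ok"
```

Checks 1 and 2 work together: removing the strongest factor lowers what check 1 demands, so the removal itself has to start the 24-hour hold.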
On the other hand, renowned security expert 0xAA posted this morning, stating that many users found unfamiliar addresses in the USDT withdrawal whitelist of OKX accounts:
With OKX in the midst of a hacking storm, many users are concerned about the security of the assets in their accounts. Any doubts about security may trigger user panic, so 0xAA also urged OKX officials to come forward and explain as soon as possible.
In response to 0xAA’s question, OKX officials also replied in the community, stating that newly added non-certified addresses would be at the top, so the unfamiliar address could not have been newly added.
Subsequently, 0xAA also clarified the rumors and advised OKX to update their address book to avoid user misunderstanding:
Furthermore, addressing the rumors about the address book, OKX CEO Xu Mingxing also responded in Chinese on the community platform, acknowledging that the OKX address book function indeed needs improvement and once again promised that if user losses were caused by OKX’s own issues, OKX would take full responsibility.