Singaporean market maker QuantMatter had more than $11 million in funds transferred by hackers from its OKX account on May 30th. Its director, Crypto LaLa, claimed that no email notifications or two-factor authentication were triggered during the incident. In response, OKX CEO Xu Mingxing stated that internal records indicate withdrawals went through double verification and urged QuantMatter to cooperate with the investigation.
QuantMatter, a Singaporean market maker, reported that $11.6 million was stolen from its OKX account.
QuantMatter had installed an offline Google authenticator.
Xu Mingxing: Internal records indicate withdrawals went through double verification.
OKX exchange has recently faced a series of account security issues, causing concerns among users about the platform’s security. In response, the official OKX statement yesterday (12th) stated that user issues related to these security incidents have been or are about to be resolved. For details, please refer to yesterday’s report on the official website.
However, earlier today, another incident of losses totaling over $11 million due to hacking was reported, which has garnered widespread attention in the community.
On the 11th, Crypto LaLa, director of the Singaporean market maker QuantMatter, posted on X that on May 30th, hackers added multiple whitelisted addresses within a short 25-minute period, converting all the funds in her OKX account to BTC, ETH, USDC, and USDT, and transferred them to on-chain addresses. This resulted in her company losing over $11 million, and the hacked funds have not been moved yet.
Crypto LaLa claimed that there were no email notifications or triggered two-factor authentication when the funds were transferred by the hacker, making her feel incredulous. She stated that the loss was not due to a Google browser extension issue but that her OKX account was hacked. She angrily stated:
According to “Wu Blockchain,” unlike previous cases, QuantMatter’s account had an offline Google authenticator installed, and withdrawals required both email and Google authenticator double verification, a security measure managed jointly by the founder and partners.
However, despite this, the funds were stolen over ten days ago, and to date, neither the market maker, security agencies, nor OKX have been able to determine the specific reasons for the theft. The market maker has reported the incident to the authorities in Singapore and contacted over five security agencies for an investigation.
Regarding this security incident, OKX CEO Xu Mingxing stated that the account had no similarities with other cases, and the timing was completely different. While the investigation is still ongoing, he can confirm that:
At the same time, Xu Mingxing mentioned that QuantMatter has not yet cooperated with the investigation and called on the organization to work together to conduct a thorough investigation of the case. OKX senior executive Haiteng also responded, saying:
Haiteng further added, “By only binding the email and offline GA, withdrawals and whitelists cannot skip the offline GA. We hope the other party can communicate with us more and together find out the reason.”
In theory, offline GA verification should provide higher security guarantees, but the exact reasons for the hacking incident and the attribution of responsibility are yet to be further confirmed. Dynamic Zone will continue to track the situation for you.
Related Reports
OKX continues to suffer “user hacked and stolen coins” losses exceeding 1 million pounds, official response: investigation results will be announced first
OKX AI face-swapping “KYC cracking” shock! Generating fake documents to steal over 2 million pounds in assets, what happened?
OKX in big trouble: Wallet burns 254 BTC transaction fees (17.6 million pounds), suspected consolidation program error…
OKX Web3 wallet hacked, victim tearfully lost 50,000 U: What exactly is the security vulnerability?