OKEx users fall into panic! Unusual aggregation of 5.3 BTC, consecutive theft of user assets, OKEx official: Investigating the truth, don't panic


Recently, several concerning events have occurred on the OKX cryptocurrency exchange:

Event 1: The exchange's wallet was observed consolidating assets in an abnormal way, paying high Gas Fees to reorganize its asset storage addresses.

Event 2: Multiple users reported receiving abnormal email notifications, and mobile verification codes were used maliciously to withdraw their assets.

Currently, Event 1 has been explained by the official team and the situation is under control; Event 2 is still under investigation according to the official statement, with external cybersecurity teams assisting the community in prevention.

OKX Panic Event 1: Abnormal Aggregation

OKX spent 5.3 BTC on transaction fees in a series of activities suspected of asset aggregation, which was highly unusual. Observers noticed and raised concerns, sparking panic. Similar incidents have occurred in the past with Binance. Binance spent nearly a million euros in Gas Fees for asset consolidation, with developers stating that Binance uses inefficient scripts.

Regarding this, OKX officially explained: "At that time, we were testing an aggregation process, which has since been stopped after being questioned."

OKX Panic Event 2: User Assets Continuously Stolen

Several users from mainland China expressed on Twitter that they had amounts like 1 million USDT or 800,000 USDT stolen, encountering similar abnormal situations.

Hacker takes away 5 million RMB in 15 minutes: OKX exchange security vulnerability causes user panic

Twitter account @AsAnEgg stated that these individuals all experienced the following abnormal situations:

  1. Their OK-related email accounts were bombarded with spam
  2. Market orders were used to buy Ethereum frantically
  3. Ether was withdrawn using SMS verification codes

Furthermore, they used iPhones dedicated solely to trading and had never clicked on any links.

Cybersecurity expert Yu Xian stated that, in addition to the aforementioned characteristics, the victims' SMS notifications all came from Hong Kong and new API Keys with withdrawal and trading permissions were created. He believes there is a premeditated criminal group and is currently tracking related addresses.

2FA Verification Should Be Enabled

Cybersecurity expert Yu Xian mentioned that the aforementioned victims did not have 2FA verification enabled. While it is unclear if this is related, basic protection measures should still be taken.

OK Responds to User Theft Incidents

OKX responded by stating that the platform takes very seriously the "user assets stolen on the trading platform" feedback received today. They have already contacted the relevant users and are currently investigating the situation. If it is ultimately determined to be the platform's responsibility, they will proactively take responsibility. Additionally, the platform will announce the results as soon as the investigation is completed, urging everyone to be patient and refrain from unnecessary speculation.