Key takeaways:
- OKX DEX experienced an exploit linked to a suspected leak of the proxy admin owner’s private key.
- The exploit took place during the upgrade of the DEX Proxy contract, allowing attackers to directly utilize the claimTokens function
On December 13, OKX decentralized exchange (DEX) fell victim to a significant hack, resulting in a loss of $2.7 million. The breach occurred after the private key of the proxy admin owner was reportedly leaked.
Unlike recent attacks on exchanges that focused on manipulating smart contracts, this incident involved stealing the credentials necessary to access the exchange’s wallets, where funds were held in escrow until transactions were completed.
Blockchain security firm SlowMist Zone first reported the issue on December 13, stating that the problem began on December 12, 2023, around 10:23 pm, following an upgrade of the DEX proxy contract by the proxy admin owner.ย
The hacker, after gaining access through a private key leak, exploited earlier token approvals granted by users to the contract, allowing them to steal assets.
The compromised funds included cryptocurrencies from 20 different tokens, with an estimated total value of about $424,000. Notably, the stolen tokens, such as ELON, SHIB, and KEK, while spread across various altcoins, had relatively low liquidity.
Security firm Cyvers suggested that the overall loss could be as high as $1.1 million, with part of the stolen funds deposited to Railgun and distributed to externally owned accounts (EOAs), allegedly funded by Tornado Cash.
The OKX web3 team released an official statement acknowledging a security breach in a deprecated smart contract on OKX Dex. Immediate actions were taken to secure user funds and revoke compromised contract permissions.
The team is collaborating with authorities to trace stolen funds and plans to reimburse affected users with $370,000. A thorough review is underway to prevent future incidents, with apologies for any inconvenience caused.
This incident adds OKX DEX to the growing list of decentralized finance (DeFi) exploits in the past year, alongside attacks on Florence Finance, KyberSewap, HTX, and Heco Bridge.
Despite the breach, OKX has assured its users that it will cover all losses resulting from the exploit. Blockchain investigation firm PeckShield reported the total loss of $2.7 million in various cryptocurrencies and advised users to revoke any existing permits as a precautionary measure.
As the cryptocurrency landscape continues to face security challenges, users and platforms alike are urged to prioritize and enhance their security measures to mitigate the risk of such incidents.