Hackers have allegedly targeted OKX, stealing funds from at least two accounts in a sophisticated attack involving SMS risk notifications and the creation of new API keys.
Crypto exchange OKX has reportedly been targeted by hackers, with at least two users reporting their funds were drained after receiving SMS risk notifications from Hong Kong.
According to SlowMist founder Yu Xian, an unidentified entity created new API keys with withdrawal and trading permissions, allowing them to swap and drain the coins from the platform.
OKX’s Chinese branch stated in a Jun.9 post on X that the exchange has reached out to the affected users and is currently investigating the incidents.
关于今日网络反馈的“交易所用户资产被盗”情况我们十分重视,已经与相关用户取得联系,目前正在就相关情况进行调查,如最终确定为平台责任平台会主动承担。此外,我们会在相关调查结束后第一时间公布结果,请各位耐心等待并停止不必要的猜测。感谢大家的支持。
— OKX中文 (@okxchinese) June 9, 2024
“If it’s finally determined that the platform is responsible, the platform will take the initiative to bear it. In addition, we will announce the results as soon as the relevant investigation is completed.”
As of press time, the full extent of the attack remains unclear, and it’s yet to be seen how exactly the hackers managed to hijack the trading accounts.
SIM swapping, a form of phone hijacking, has long been a significant threat to crypto investors, with even major industry players falling victim.
For instance, in 2021, Coinbase disclosed that hackers had stolen crypto from about 6,000 users by bypassing multi-factor authentication in a suspected phishing campaign that involved hijacking two-factor authentication SMS messages.
Other incidents have involved hijackers porting phone numbers to intercept one-time passwords and validate transactions or change account credentials.
In response, many major crypto companies have moved away from SMS-based two-factor authentication, though some still rely on this authentication method.
