OKX’s decentralized exchange (DEX) integrator appears to have suffered $2.7 million in damages, according to security analysts.
The attack may have been caused by a leak of the DEX’s administrator private keys, security firm SlowMist posted on X. Shortly after, OKX confirmed that a deprecated smart contract for OKX’s DEX had been compromised and promised compensation to affected users.
“We regret to inform you that a deprecated smart contract on OKX DEX has been compromised. We have taken immediate action to secure all user funds and revoke contract rights. We are working with relevant authorities to retrieve the stolen funds and will compensate affected users,” the platform told X.
Security analysts at PeckShield later revealed that the attack resulted in the theft of approximately $2.7 million worth of cryptocurrency assets.
Arkham, a blockchain data analytics provider, also confirmed that the OKX DEX was exploited by hackers who may have upgraded deprecated contracts through token acceptance, resulting in losses of over $2.7 million. It also suggested that the attackers were linked to other exploits, including LunaFi, Uno Re, and RVLT. Arkham also offered a bounty of 5,000 ARKM ($2,250) for information that helps identify the hackers or leads to the return of the funds.
What happen?
SlowMist said users approve token exchanges on the DEX through the TokenApprove contract. The DEX contract can then transfer these tokens by calling TokenApprove’s function. A key component of this process is the DEX proxy, which is managed by a proxy manager. The proxy manager owner has the ability to upgrade the DEX proxy contract to call the ClaimTokens function of the TokenApprove contract for token transfer.
“This attack may be the result of the proxy manager owner’s private keys being leaked,” SlowMist added. The current owner implemented a significant upgrade to the DEX proxy contract on December 12 at 22:23 UTC. This upgrade changed the functionality of the contract to allow direct calls to the DEX contract’s ClaimTokens function for token transfers, exposing a vulnerability that attackers could exploit to steal tokens.
OKX DEX did not respond to The Block’s request for comment.
Disclaimer: The Block is an independent media outlet delivering news, research and data. As of November 2023, Foresight Ventures is a majority investor in The Block. Foresight Ventures invests in other companies in the cryptocurrency space. Cryptocurrency exchange Bitget is an anchor LP of Foresight Ventures. The Block continues to operate independently to provide objective, impactful and timely information about the cryptocurrency industry. Below are our current financial disclosures.
© 2023 The Block. All rights reserved. This article is provided for informational purposes only. It is not provided or intended to be used as legal, tax, investment, financial or other advice.