OKX cryptocurrency exchange and security partner SlowMist are investigating a multi-million dollar exploit that led to the theft of two user accounts.
The investigation relates to the theft of two OKX exchange accounts on June 9 via an SMS attack, also known as a SIM swap. This information was reported by Yu Xian, founder of SlowMist, in a post on X.
“The SMS risk notification came from Hong Kong and a new API Key was created (since it contains withdrawal and trading permissions, we previously suspected cross-trading intentions, but now it seems we can rule it out).”
It’s unclear how much was stolen in the attack, but Xian wrote that “millions of dollars in assets were stolen.”
2FA was not the main problem in the attack: SlowMist
While on-chain security company SlowMist is still investigating the hacker’s wallet and the underlying incident, the exchange’s two-factor authentication (2FA) mechanism may not be the main point of vulnerability.
In a June 9 X post, SlowMist founder Xian wrote:
“I’ve never turned on a 2FA authenticator like Google Authenticator, so I’m not sure if that’s the point.”
Cointelegraph has reached out to OKX and SlowMist for comment.
According to an analysis by Web3 security group Dilation Effect, OKX’s 2FA mechanism allowed attackers to switch to a less secure verification method, whitelisting withdrawal addresses via SMS verification.
More recently, however, sophisticated hackers have been circumventing 2FA methods altogether. In early June, a Chinese trader lost $1 million to a scam using a promotional Google Chrome plugin called Aggr. The plugin steals user cookies, which hackers use to bypass passwords and 2FA.
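The downgrade path Dilation Effect describes can be closed with a rule that sensitive actions never accept a factor weaker than the strongest one the user has enrolled. The sketch below is an added example, not OKX's or SlowMist's code; the factor ranking, the action names, the `Account` type and the `hold` outcome are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed strength ranking for this example: higher resists takeover better.
# SMS and email codes rank lowest: a SIM swap or mailbox compromise defeats them.
FACTOR_STRENGTH = {"sms": 1, "email": 1, "totp": 2, "passkey": 3}
# Sensitive actions, named after the ones mentioned in the article.
SENSITIVE_ACTIONS = {"create_api_key", "whitelist_withdrawal_address"}

@dataclass(frozen=True)
class Account:
    user_id: str
    enrolled: frozenset  # names of the factors this user has enrolled

def decide(account: Account, action: str, presented: str) -> str:
    """Return 'allow', 'hold' or 'deny' for one verification attempt."""
    known = {f for f in account.enrolled if f in FACTOR_STRENGTH}
    if presented not in known:
        return "deny"  # factor unknown or not enrolled on this account
    if action not in SENSITIVE_ACTIONS:
        return "allow"
    strongest = max(FACTOR_STRENGTH[f] for f in known)
    if FACTOR_STRENGTH[presented] < strongest:
        # Downgrade attempt: a stronger factor is enrolled, so a weaker one
        # must not be accepted as a substitute for a sensitive action.
        return "deny"
    if strongest == FACTOR_STRENGTH["sms"]:
        # Only the weakest tier (SMS or email codes) is enrolled: do not act
        # at once. 'hold' stands for a delay plus out-of-band notice (assumption).
        return "hold"
    return "allow"

def audit(attempts):
    """Evaluate (account, action, factor) attempts and attach the decision."""
    return [(a.user_id, action, factor, decide(a, action, factor))
            for a, action, factor in attempts]

# Constructed sample data, not taken from the incident.
ALICE = Account("alice", frozenset({"sms", "totp"}))
BOB = Account("bob", frozenset({"sms"}))
SAMPLE_ATTEMPTS = [
    (ALICE, "whitelist_withdrawal_address", "sms"),   # downgrade
    (ALICE, "whitelist_withdrawal_address", "totp"),  # strongest enrolled factor
    (BOB, "create_api_key", "sms"),                   # SMS-only account
    (BOB, "view_balance", "sms"),                     # not a sensitive action
]

if __name__ == "__main__":
    print(*audit(SAMPLE_ATTEMPTS), sep="\n")
```
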
Phishing attacks are on the rise
Phishing attacks increased in June after CoinGecko identified a data breach at third-party email management platform GetResponse. The breach resulted in attackers sending 23,723 phishing emails to victims.
Phishing attacks involve hackers trying to steal sensitive information, such as cryptocurrency wallet private keys. Other phishing attacks, known as address poisoning scams, aim to trick investors into willingly sending funds to fraudulent addresses similar to addresses they have previously interacted with.
Leakage of private keys and personal data has become the biggest cause of cryptocurrency-related hacking, because exploiters are looking for the easiest way out.
According to Merkle Science’s 2024 HackHub report, more than 55% of hacked digital assets were lost due to private key breaches in 2023.