
OKX Decentralized Exchange Exploited For $430K in Suspect Private Key Leak

Updated by Ciaran Lyons

In Brief

  • OKX decentralized exchange (DEX) suffered an exploit due to a suspected leak of the proxy admin owner's private key.
  • The exploit occurred when the DEX Proxy contract was upgraded, enabling attackers to directly call the claimTokens function of the DEX contract to transfer tokens.
  • In response to the attack, OKX stated they are working with relevant agencies to locate the stolen funds and will reimburse affected users.

The latest exploit in the world of decentralized finance (DeFi) has impacted the OKX decentralized exchange (DEX). Details are thin on the ground but it appears that a private key was leaked. 

On Dec. 13, blockchain security firm SlowMist reported that there was a suspected leak of the OKX DEX proxy admin owner’s private key. 

OKX DEX Private Key Leak 

Crypto insights firm Scopescan confirmed that users had reported an exploit event on the OKX DEX contract. It contacted the exchange, which responded:

“The old abandoned MM contract was attacked, and the attack has been located and stopped. The losses of the users involved will be fully borne.”

Suspect address activity in OKX DEX attack. Source: Scopescan

SlowMist elaborated that when users exchange tokens, they authorize the TokenApprove contract. The DEX contract then transfers the user’s tokens by calling this contract.

A claimTokens function in the contract allows a trusted DEX Proxy to make calls. However, the trusted DEX Proxy is managed by the Proxy Admin, which can upgrade the DEX Proxy contract.

The DEX Proxy was upgraded to a new implementation contract on Dec. 12, it reported, before adding:

“The new implementation contract’s functionality is to directly call the claimTokens function of the DEX contract to transfer tokens. Subsequently, attackers began calling the DEX Proxy to steal tokens.”

 “As of now, the attacker has profited approximately $430,000,” it stated. 


SlowMist suggests that the Proxy Admin Owner’s private key leak may have caused this DeFi exploit. They also added that they have removed the DEX Proxy from the trusted list.
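
A defender-side check for the trust chain described above, added here as an example and not code from OKX, SlowMist or this article: it scans eth_getLogs-style entries for implementation upgrades on proxies that are trusted to move user tokens. It assumes the proxy emits the EIP-1967 Upgraded(address) event (the article does not say which proxy standard is used); the function names are hypothetical and all addresses and hashes are constructed placeholders.

```python
# Added example: alert on implementation upgrades of proxies trusted to move user tokens.
# Assumption: the proxy emits the EIP-1967 event Upgraded(address indexed implementation).
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

def find_unreviewed_upgrades(logs, trusted_proxies, reviewed_impls):
    """Return an alert for each Upgraded event on a trusted proxy whose new
    implementation is not on that proxy's reviewed allowlist."""
    trusted = {p.lower() for p in trusted_proxies}
    reviewed = {k.lower(): {a.lower() for a in v} for k, v in reviewed_impls.items()}
    alerts = []
    for log in logs:
        proxy = log["address"].lower()
        topics = [t.lower() for t in log.get("topics", [])]
        if proxy not in trusted or len(topics) < 2 or topics[0] != UPGRADED_TOPIC:
            continue
        # An indexed address is left-padded to 32 bytes: keep the low 20 bytes.
        impl = "0x" + topics[1][-40:]
        if impl not in reviewed.get(proxy, set()):
            alerts.append({"proxy": proxy, "implementation": impl,
                           "block": int(log["blockNumber"], 16),
                           "tx": log["transactionHash"]})
    return alerts

def pad_topic(address):
    """Encode an address the way it appears in an indexed event topic."""
    return "0x" + "00" * 12 + address[2:]

# Constructed placeholders, not addresses or hashes from the incident.
DEX_PROXY, OTHER_PROXY = "0x" + "aa" * 20, "0x" + "bb" * 20
REVIEWED_IMPL, NEW_IMPL = "0x" + "11" * 20, "0x" + "22" * 20
SAMPLE_LOGS = [
    # Upgrade to a reviewed implementation: no alert.
    {"address": DEX_PROXY, "topics": [UPGRADED_TOPIC, pad_topic(REVIEWED_IMPL)],
     "blockNumber": "0x10", "transactionHash": "0x" + "01" * 32},
    # Upgrade of a proxy that is not on the trusted list: out of scope.
    {"address": OTHER_PROXY, "topics": [UPGRADED_TOPIC, pad_topic(NEW_IMPL)],
     "blockNumber": "0x18", "transactionHash": "0x" + "02" * 32},
    # Trusted proxy switched to an unreviewed implementation: alert.
    {"address": DEX_PROXY, "topics": [UPGRADED_TOPIC, pad_topic(NEW_IMPL)],
     "blockNumber": "0x20", "transactionHash": "0x" + "03" * 32},
]

if __name__ == "__main__":
    for alert in find_unreviewed_upgrades(SAMPLE_LOGS, [DEX_PROXY],
                                          {DEX_PROXY: [REVIEWED_IMPL]}):
        print(alert)
```

An alert of this kind on a proxy that a token-approval contract trusts is a cue to take that proxy off the trusted list until the new implementation has been reviewed.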

According to Etherscan, the exploiter address holds tokens to the value of $430,000.

The exchange posted an update on its official X (Twitter) feed stating: 

“We are working with relevant agencies to locate the stolen funds and will reimburse affected users with $370k.” 

DeFi Exploits Continue

The OKX DEX has become the latest in a long list of DeFi exploits this year.

Just recently there were major attacks and thefts from Florence Finance, KyberSwap, HTX, and Heco Bridge.

DeFi RWA platform Florence Finance lost $1.45 million in an address poisoning attack. Furthermore, KyberSwap lost $45 million in a huge hack in November. 

Moreover, Mixin Network, Linear Finance, and Balancer were also DeFi exploit victims over the past few months. 


Martin Young
Martin Young is a seasoned cryptocurrency journalist and editor with over 7 years of experience covering the latest news and trends in the digital asset space. He is passionate about making complex blockchain, fintech, and macroeconomics concepts understandable for mainstream audiences.   Martin has been featured in top finance, technology, and crypto publications including BeInCrypto, CoinTelegraph, NewsBTC, FX Empire, and Asia Times. His articles provide an in-depth analysis of...