
OKX Records Over $633 Million In 7-Day Outflows Amid Security Concerns Rumors

Updated by Daria Krasnova

In Brief

  • OKX exchange reported massive outflows attributed to FUD over security-settings concerns.
  • Web3 security experts' autopsy of OKX security settings revealed “surprising” findings.
  • Verification can be switched to a lower-security method, allowing an attacker to bypass GA.

OKX exchange has seen upwards of $633 million in outflows over the last seven days. It comes on the back of security concerns amid rumors that the platform is porous due to email and SIM authentication.

The platform says the matter is being investigated and that it will take responsibility if the results show the fault is in-house.

OKX Exchange Suffers Massive Outflows

The OKX trading platform has recorded over $633 million in outflows in the last seven days. In the past 24 hours, outflows have reached $205 million, bringing the month-to-date figure to $340 million, DefiLlama data shows.

Based on the centralized exchanges tabulation, OKX is leading in outflows. This comes after concerns that the exchange’s security loopholes saw some users lose their holdings to a hacker.

“Two different victims had their exchange accounts stolen this morning, and the methods and features of their coins being stolen were surprisingly similar,” SlowMist executive Cos wrote.


[Figure: CEX inflows, OKX. Source: DefiLlama]

The report reveals that the victims received an SMS risk notification from “Hong Kong.” The attacker then created a new API key with withdrawal and trading permissions, leading investigators to suspect intentions of cross-trading.

Web3 security enthusiasts from Dilation Effect analyzed the attacks on OKX, examining the platform’s user security settings. The findings were quite surprising, according to the team.

  • Although users bind their accounts to Google Authenticator (GA), they can switch the verification to a lower-security method like email or SMS, allowing attackers to bypass GA verification.
  • Sensitive user operations, such as turning off mobile phone or GA verification and changing the login or password, do not trigger the risk control measure of a 24-hour withdrawal ban. That measure triggers only when the same account logs in on a new device.
  • There is no dynamic verification based on the withdrawal limit for withdrawals to whitelisted addresses. Once an address is whitelisted, users can withdraw to it within the withdrawal limit without any verification.

The investigators concluded that OKX’s security settings lack a baseline design. They noted that the platform has made several security compromises to enhance the user experience. Dilation Effect recommends that all users bind their accounts to Google Authenticator for better security.
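
The three gaps listed above correspond to three server-side checks: no downgrade below the strongest enrolled factor, a withdrawal hold after any sensitive operation, and step-up verification by amount even for whitelisted addresses. The sketch below is an added example, not code from OKX or Dilation Effect; the factor ranking, event names, 24-hour hold and threshold value are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed policy values for illustration; not OKX's actual settings.
FACTOR_STRENGTH = {"email": 1, "sms": 1, "totp": 2}   # totp = Google Authenticator
HOLD = timedelta(hours=24)
SENSITIVE_EVENTS = {"new_device_login", "factor_disabled",
                    "password_changed", "api_key_created"}
STEP_UP_THRESHOLD = 1_000   # hypothetical: larger whitelisted withdrawals need a fresh factor

@dataclass
class Account:
    enrolled: set                                # bound factors, e.g. {"sms", "totp"}
    events: list = field(default_factory=list)   # (timestamp, event_name) pairs

def required_factor(acct):
    """Strongest enrolled factor; weaker ones may not substitute for it."""
    return max(acct.enrolled, key=FACTOR_STRENGTH.__getitem__)

def verify_allowed(acct, offered):
    """Reject a downgrade: the offered factor must be as strong as the required one."""
    return FACTOR_STRENGTH[offered] >= FACTOR_STRENGTH[required_factor(acct)]

def record_event(acct, name, when):
    acct.events.append((when, name))

def hold_until(acct):
    """End of the hold opened by the latest sensitive event, or None."""
    times = [t for t, n in acct.events if n in SENSITIVE_EVENTS]
    return max(times) + HOLD if times else None

def check_withdrawal(acct, amount, whitelisted, offered_factor, now):
    """Return (allowed, reason) for a withdrawal request."""
    until = hold_until(acct)
    if until and now < until:
        return False, "withdrawal_hold"
    if whitelisted and amount <= STEP_UP_THRESHOLD:
        return True, "whitelisted_under_threshold"
    if offered_factor is None or not verify_allowed(acct, offered_factor):
        return False, "step_up_required"
    return True, "verified"

if __name__ == "__main__":
    t0 = datetime(2024, 6, 10, 9, 0)             # constructed timeline
    acct = Account(enrolled={"sms", "email", "totp"})
    record_event(acct, "api_key_created", t0)    # sensitive event opens the hold
    print(check_withdrawal(acct, 5000, True, "sms", t0 + timedelta(hours=1)))
    print(check_withdrawal(acct, 5000, True, "sms", t0 + timedelta(hours=25)))
```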


As investigators probe the attacks on OKX user assets, the exchange assures customers it will take responsibility and bear the loss if they find the platform at fault. On June 12, WuBlockchain reported that OKX has fully compensated two users attacked through hijacked SMS and email. To prevent similar incidents, OKX will now require Google Authenticator for additional security.


Lockridge Okoth
Lockridge Okoth is a journalist at BeInCrypto, focusing on prominent industry companies such as Coinbase, Binance, and Tether. He covers a wide range of topics, including regulatory developments in decentralized finance (DeFi), decentralized physical infrastructure networks (DePIN), real-world assets (RWA), GameFi, and cryptocurrencies. Previously, Lockridge conducted market analysis and technical assessments of digital assets, including Bitcoin and altcoins such as Arbitrum, Polkadot, and...