OKX exchange has seen upwards of $633 million in outflows over the last seven days. It comes on the back of security concerns amid rumors that the platform is porous due to email and SIM authentication.
The platform says the matters are being investigated and would take responsibility if results prove the fault is in-house.
OKX Exchange Suffers Massive Outflows
OKX trading platform has recorded over $633 million in outflows in the last seven days. In the past 24 hours, outflows have reached $205 million, bringing the month-to-date numbers to $340 million, DefiLlama data shows.
Based on the centralized exchanges tabulation, OKX is leading in outflows. This comes after concerns that the exchange’s security loopholes saw some users lose their holdings to a hacker.
“Two different victims had their exchange accounts stolen this morning, and the methods and features of their coins being stolen were surprisingly similar,” SlowMist executive Cos wrote.
Read More: 17 Best No KYC Crypto Exchanges: These Are The Top Choices in 2024
The report reveals that the victims received an SMS risk notification from “Hong Kong.” The attacker then created a new API key with withdrawal and trading permissions, leading investigators to suspect intentions of cross-trading.
Web3 security enthusiasts from Dilation Effect analyzed the attacks on OKX, examining the platform’s user security settings. The findings were quite surprising, according to the team.
- Although users bind their accounts to Google Authenticator (GA), they can switch the verification to a lower-security method like email or SMS, allowing attackers to bypass GA verification.
- There is no trigger for the risk control measure of a 24-hour currency withdrawal ban, even during sensitive user operations like turning off mobile phones or GA verification and changing the login or password. The risk control measure triggers only when the same account logs in on a new device.
- There is no dynamic verification based on the withdrawal limit for withdrawals from whitelisted addresses. This means users withdraw money without verification within the withdrawal limit once the address is allowed.
The investigators concluded that OKX’s security settings lack a baseline design. They noted that the platform has made several security compromises to enhance the user experience. Dilation Effect recommends that all users bind their accounts to Google Authenticator for better security.
Read More: How to Choose The Right Crypto Exchange, Everything You Need To Know
As investigators probe the attacks on OKX user assets, the exchange assures customers it will take responsibility and bear the loss if they find the platform at fault. On June 12, WuBlockchain reported that OKX has fully compensated two users attacked through hijacked SMS and email. To prevent similar incidents, OKX will now require Google Authenticator for additional security.
Trusted
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.
