OKX becomes the latest victim of crypto theft as SMS notification security fails; OKX is investigating the crypto theft and has contacted the affected users.
The number of crypto theft incidents has increased as hackers have used novel methods to siphon off user funds. In the most recent development, users of the crypto exchange OKX reported a significant theft that occurred due to a breach in the platform’s SMS notification security.
OKX Exchange Accounts Have Been Compromised
SlowMist reported on Sunday morning that two distinct victims had their OKX exchange accounts taken over using surprisingly similar methods and characteristics.
SlowMist reported that both incidents involved the creation of new API keys with withdrawal and trading permissions, as well as SMS risk notifications that originated from “Hong Kong.”
The incidents were initially suspected to be cross-trading attempts, but this theory has since been disproven. A Binance user experienced a similar robbery last week, losing over $1 million in cryptocurrency through a cross-trading plugin.
The attacks were premeditated and carried out by a gang in a targeted manner. MistTrack, SlowMist’s tracking team, is currently monitoring the hacker wallet addresses associated with both incidents and will continue to provide updates.
Nevertheless, the victims’ consent will be required before any specific details of the incidents are disclosed.
It is important to note that the victims had not enabled two-factor authentication (2FA) tools such as Google Authenticator, although it is uncertain whether this was the primary factor in the breaches.
SlowMist advises against panicking, positing that a more significant impact would likely lead to more exaggerated related events.
Crypto Exchange Assumes Responsibility
OKX, a prominent cryptocurrency exchange, has responded to allegations of stolen user assets circulating online today. The exchange has contacted the affected users and is actively investigating the incidents.
OKX underscored its dedication to resolving the matter in a statement, assuring users that it will assume full responsibility for any losses incurred if the platform is proven to be at fault.
The exchange has pledged to disclose the investigation’s findings as soon as they are available and has encouraged users to exercise patience and refrain from unwarranted speculation.
During the Binance attack, the criminal used a sophisticated approach to manipulate the victim’s account and avoid detection. By hijacking the victim’s web cookies, the hacker executed large trades in the USDT trading pair, which has high liquidity.
Furthermore, the hacker placed limit sell orders at exorbitant prices in pairs with limited liquidity. This approach allowed the perpetrator to generate substantial profits without triggering any security alerts from Binance.