OKX cryptocurrency exchange and security partner SlowMist are currently investigating a significant breach that resulted in the theft of two user accounts, amounting to millions of dollars in stolen assets.
The breach, which occurred on June 9, involved a targeted SMS attack, commonly known as a SIM swap, on two OKX exchange accounts. Yu Xian, the founder of SlowMist, shared this information in a post on X.
Although the exact amount stolen in the attack remains unclear, Xian stated that the hackers made off with “millions of dollars of assets.”
Despite ongoing investigations into the hacker wallet and the events leading up to the breach, SlowMist has indicated that the exchange’s two-factor authentication (2FA) mechanisms may not have been the primary vulnerability exploited in this incident.
According to analysis conducted by Web3 security group Dilation Effect, the attackers were able to exploit OKX’s 2FA system to switch to a less secure verification method, enabling them to whitelist withdrawal addresses via SMS verification.
This breach comes amidst a rise in sophisticated hacking techniques targeting cryptocurrency users. In a recent separate incident, a Chinese trader fell victim to a $1 million scam involving a malicious Google Chrome plugin called Aggr, which bypassed passwords and 2FA authentication by stealing user cookies.
With crypto crimes on the rise, phishing attacks have become a growing concern. In June, CoinGecko reported a data breach affecting its third-party email management platform, GetResponse, resulting in over 23,000 phishing emails being sent to victims.
These phishing attacks aim to steal sensitive information such as crypto wallet private keys, while others, known as address poisoning scams, deceive investors into sending funds to fraudulent addresses resembling legitimate ones they have interacted with in the past.
As private key and personal data leaks continue to be exploited by hackers, the crypto community faces increasing vulnerabilities. Merkle Science’s 2024 HackHub report revealed that more than 55% of hacked digital assets in 2023 were lost due to private key leaks.
In other news, Roaring Kitty’s GME shares reach $1 billion, BTC open interest sees a surge, and more updates can be found in Hodler’s Digest from June 2-8.