The OKX cryptocurrency exchange and security partner SlowMist are currently investigating a large-scale breach that resulted in the theft of two user accounts.
The breach, which occurred on June 9, involved the theft of two OKX exchange accounts through an SMS attack known as a SIM swap. This information was disclosed by Yu Xian, the founder of SlowMist, in a recent post on X.
Although the exact amount stolen in the breach remains unclear, Xian mentioned that “millions of dollars worth of assets were taken.”
Despite ongoing investigations by SlowMist into the hacker’s wallet and the events surrounding the breach, it appears that the exchange’s two-factor authentication (2FA) system may not have been the primary point of weakness.
According to an analysis by Web3 security group Dilation Effect, OKX’s 2FA mechanism enabled the attackers to switch to a less secure verification method, allowing them to whitelist withdrawal addresses through SMS verification.
However, more advanced hackers have been finding ways to bypass 2FA verification methods. In a separate incident at the beginning of June, a Chinese trader fell victim to a scam involving a deceptive Google Chrome plugin called Aggr, resulting in a loss of $1 million. The plugin was used to steal user cookies, which then allowed hackers to bypass passwords and 2FA authentication.
The surge in crypto-related crimes, resulting in $3 billion in stolen assets, has raised concerns about the security of digital assets. Private key and personal data leaks have been identified as major factors behind these hacks, with hackers targeting the easiest vulnerabilities.
Phishing attacks have also been on the rise, with incidents such as the recent breach of CoinGecko’s third-party email management platform, GetResponse, leading to phishing emails being sent to victims.
These phishing attacks aim to steal sensitive information like crypto wallet private keys, while address poisoning scams deceive investors into sending funds to fraudulent addresses resembling legitimate ones they have interacted with before.
Private key leaks accounted for over 55% of hacked digital assets in 2023, according to a report by Merkle Science’s 2024 HackHub. This highlights the importance of securing private keys and personal data to prevent future breaches.
Overall, the increasing frequency of crypto crimes underscores the need for enhanced security measures within the industry.
OKX launches investigation into multiple account thefts following SIM swap attacks
Add A Comment