Cryptocurrency exchange OKX has reimbursed two of its customers whose accounts were compromised. The attack transpired on June 9 due to vulnerabilities in the exchange’s security.
According to journalist Colin Wu, both the users have received full compensation. A measure that was promised by the exchange in case it was at fault.
OKX sees massive withdrawals following hack
The user compensation comes as the exchange saw massive outflows a day after the two victims lost access to their accounts.
Approximately $204 million left the exchange’s wallets within 24 hours following the exploit. Over the past week, the exchange lost $633 million in outflows, as per DefiLlama data.
While there’s no solid data to confirm that the outflows were a byproduct of the security mishap, the trend was specific to OKX. Other exchanges saw minor movements.
Crypto exchanges inflows and outflows. Source: DeFi Llama
The timing of the outflows also coincided with the attack, further backing the theory.
Blockchain security firm SlowMist founder Yu Xian was the first to flag the incident. Xiam revealed that the users received SMS risk notifications from Hong Kong prior to the exploit.
Subsequently, a new API key was established for their account verification allowing the attackers to withdraw funds.
Discrepancies in security
Security analysts at Dilation Effect added to the investigation by identifying a vulnerability in OKX’s authentication system. It was noted that OKX allowed customers to switch to lighter security measures even during sensitive operations.
This was despite users having Google Authenticator (GA) enabled. As a result, sensitive actions such as disabling two-factor authentication don’t trigger the 24-hour withdrawal block.
Further, the analysts highlighted that Withdrawals to whitelisted addresses are not scrutinised. Instead, unlimited withdrawals are allowed on these addresses.
Dilation Effect concluded that OKX’s security design had made several compromises to bolster user experience.
According to Wu, the suspected cause of the attack was the victim’s email and SMS being hijacked. The victims also did not have two-factor authentication enabled,
However, the exchange’s security, which is the last line of defence in such cases, failed due to the aforementioned compromises.
As of now, Wu reports that OKX has made it mandatory to add Google Authenticator. The exchange expects to avoid similar incidents with this in place.
Unfortunately, OKX’s security was bypassed on another instance as well. On June 4, attackers used OKX user data leaked in a Telegram data breach to hijack another customer’s account.
The attackers reset the user’s password and used a deepfake video of the user to apply for a change of the associated phone number.
The attack resulted in $2 million worth of crypto assets siphoned from the account.
Since then, the exchange has been at the centre of controversies and has faced backlash from the crypto community.
The post OKX compensates users affected by hack amidst massive outflows appeared first on Invezz