OKX Hit by AI Face-Swap "KYC Breach"! Over $2 Million in Assets Stolen with Fake IDs - What Happened?

A Chinese OKX user recently published a long post lamenting: hackers purchased his leaked personal information, logged into his email, reset his password, and used AI-generated fake IDs and video avatars to bypass OKX's verification process. They then successfully changed his phone number, email, and Google Authenticator, leading to the loss of over $2 million from his OKX account.

The victim, known as "Lai Ri Fang Chang," stated that the theft occurred on May 3rd:

"They accessed my email, clicked on 'forgot password,' and used AI-generated images to bypass all my security measures."

"In other words, without my knowledge, a third party changed my phone number, email, and Google Authenticator, leading to the loss of all my assets within 24 hours."

AI-Generated Fake IDs and Avatars Bypass Security Measures

Lai Ri Fang Chang revealed that after reporting to the police, he saw on their device a person who looked very similar to him, holding a fake ID and reading "I am Wu Suohan, ID number 4222..." into the camera. He questioned how such crude methods could bypass OKX's security system:

"Such a crude method could bypass the platform's security system, ultimately causing this tragedy. Doesn't the platform bear inescapable responsibility for this?"

"The staff kept emphasizing that all their processes are compliant, but compliance and security loopholes are two different things."

"As a user, I trusted your platform and stored all my assets here. Yet, because of your so-called compliant processes, I lost all my assets. Isn't this absurd?"

Lai Ri Fang Chang mentioned that the police are currently investigating and have obtained some clues. Using big data comparisons, they have preliminarily identified two suspects and plan to arrest them. However, it is likely that these two are just pawns, and there are other culprits behind the scenes.

Demanding Full Compensation from OKX In conclusion, Lai Ri Fang Chang affirmed that OKX has established a special task force and urged the platform to conduct an internal investigation to ensure no employee involvement, quickly fix the vulnerabilities to protect other users' assets, and actively cooperate with the police to establish a working group to track down the culprits.

He also called on OKX to have the courage to take responsibility and compensate for his full loss:

"$2 million might be a small amount for the platform, but for me, it’s astronomical."

OKX Official Response

In response to the incident, OKX issued a statement last night, acknowledging the information about "an OKX user's account being stolen" circulating online. The platform has been following up on the incident since it occurred and is assisting the relevant parties. The case is currently under judicial process, and details cannot be disclosed as per requirements.

AI Breaching KYC is Rampant According to previous reports by Blocktempo, using AI to forge documents and bypass KYC has long been an urgent issue. A website named OnlyFake allows users to quickly generate realistic fake driver's licenses or passports using AI technology, successfully bypassing the KYC of many mainstream cryptocurrency exchanges for just $15, reminding users to be aware of this new type of crypto theft.