On June 9, two OKX users experienced SIM swap attacks resulting in the theft of undisclosed funds. Hackers executed the theft using a deceptive SMS notification purportedly from the exchange.
According to SlowMist founder Cosine, the attack involved sophisticated SMS operations that tricked users into generating new API keys with withdrawal and trading permissions. The methods used in the two incidents were strikingly similar, possibly indicating the same perpetrator.
Details on how the hackers compromised OKX's authentication system remain unclear.
Some speculate that the SIM swap vulnerability involves identity theft, in which hackers manipulate mobile operators into redirecting the user's phone number to the attackers' control. This speculation raises questions about whether OKX failed to upgrade its procedures following previous incidents.
Following Cosine's disclosure, OKX issued a comprehensive update acknowledging the breach and initiating an investigation. The exchange promised to assume responsibility if found at fault and committed to transparency in sharing the investigation results.
This is not the first security challenge faced by OKX users. Previously, a Telegram data leak led to the theft of $2 million from OKX users by deepfake scammers. Similarly, in October 2023, a SIM swap attack targeting Friend.tech users resulted in a $400,000 loss.
Recently, hackers used purchased social engineering data to create fake IDs and AI-generated fake video avatars, reportedly bypassing OKX's manual review process and stealing over $3 million.
OKX's Commitment to Users
In response to a recent incident, OKX's CEO stated, "For customer losses caused by issues on OKX's side, OKX will always take full responsibility. We appreciate the support and tolerance of OKX users over the years, and we value every trust!"
On January 23 of this year, during a shocking 20-minute OKB flash crash, the price of OKB plummeted from 50.69 USDT to 25.1 USDT within minutes, causing OKX to face a $1.5 billion loss. This prompted the exchange to take strategic action and shut down its mining pool business. OKX apologized and planned to compensate affected users, including those involved in margin trading and multi-currency trading. By addressing the flash crash with a compensation plan and reshaping its business model through closing the mining pool, OKX demonstrated adaptability and responsibility in the dynamic cryptocurrency world.
These incidents reveal vulnerabilities in OKX's authentication system, despite previous similar security issues. OKX has issued statements acknowledging breaches, initiating investigations, and committing to full responsibility and transparency. OKX continues to face multiple security challenges and has experienced user fund thefts in the past. Nonetheless, OKX remains committed to adjusting its business model and compensating affected users, showcasing its adaptability and sense of responsibility.