UPDATE On The OKX Decentralized Exchange HACK
December 13, 2023 1:59 pm
On Tuesday, the OKX decentralized exchange suffered a hack that left approximately $370,000 drained from the platform.
The exploit was reportedly caused by manipulating an old version of a smart contract, and sources claim that the attack itself was relatively minor in terms of the threat posed by the hackers. OKX has announced that it will reimburse all affected users.
Law enforcement has also been brought into the matter and will launch an investigation into the stolen funds.
Although the official losses have been reported at around $370,000, some sources claim that the lost funds could be between $1.1 million and $2.7 million.
Of course, OKX is not alone in suffering a security breach recently; Justin Sun’s Poloniex exchange was also hacked and KyberSwap was hit with a high-profile security breach earlier this month. Here are the latest developments:
OKX DEX suffers $2.7 million hack
— web3 is going just great (@web3isgreat) December 13, 2023
Colin Wu explained: “OKX stated that due to the hack of the management rights of an abandoned OKX DEX market maker contract, 18 address assets authorized for the contract were hacked. The affected contracts have been deactivated and all user assets have been confirmed to be safe.
All affected users have lost approximately $370k, and OKX will compensate. OKX will conduct a security self-examination and reorganize all relevant abandoned contracts.”
— Wu Blockchain (@WuBlockchain) December 13, 2023
Crypto Slate provided this update from OKX:
“We regret to inform you that a deprecated smart contract on OKX Dex has been compromised. We have taken immediate action to secure all user funds and revoke the contract permissions.
We are working with relevant agencies to locate the stolen funds and will reimburse affected users with $370k. A thorough review is underway to prevent similar incidents. Our apologies for any inconvenience caused.”
Arkham Intelligence announced on Wednesday: “We’ve created and funded a bounty to help identify the person or organization behind the recent OKX DEX exploit.
OKX DEX was exploited by a hacker who upgraded a deprecated contract with token approvals, resulting in losses of over $2.7M on Dec 13, 2023. The hacker is tied to a number of hacks, including LunaFi, Uno Re, RVLT, and more.
This bounty will reward:
– Information revealing the identity of the exploiter.
– Any information leading to the successful return of funds
Submissions to this bounty will be shared with the OKX team in support of their investigation. Cc @okxweb3.”
New Intel Exchange Bounty: OKX DEX Exploit
— Arkham (@ArkhamIntel) December 13, 2023
Scopescan reported on Tuesday: “Users reported an exploit event on the OKX DEX contract. We have contacted them and got the following response: ‘The old abandoned MM contract was attacked, and the attack has been located and stopped. The losses of the users involved will be fully borne.’
Exploiters transferred funds from addresses that approved assets to the DEX contract. Right now, the exploiting size is ~$391K. The last exploit was 1 hr 18 minutes ago.”
— Scopescan (@0xScopescan) December 13, 2023
Crypto Potato added:
The fact that a relatively well-known DEX was successfully hacked startled some members of the community. Others also commented on the quick resolution time, stating that this proves OKX may not be as decentralized as the developers claim.