Hackers have allegedly targeted OKX, leading to the theft of funds from at least two accounts. This sophisticated attack involved the use of SMS risk notifications and the creation of new API keys.
Details of the Attack
According to reports, OKX has been compromised, with at least two users experiencing drained accounts after receiving SMS risk notifications originating from Hong Kong. An unidentified entity created new API keys with withdrawal and trading permissions. This allowed them to swap and drain coins from the platform.
“Two different victims experienced similar account theft incidents early this morning. The SMS risk notifications came from ‘Hong Kong,’ and new API keys were created with withdrawal and trading permissions.” – Yu Xian, SlowMist Founder
OKX’s Chinese branch has stated that they have reached out to the affected users and are currently investigating the incidents. They have committed to taking responsibility if the platform is found to be at fault and will announce the results of the investigation as soon as it is completed.
Potential Causes and Industry Context
The full extent of the attack remains unclear, and it is yet to be determined how the hackers managed to hijack the trading accounts. SIM swapping, a form of phone hijacking, has been a significant threat to crypto investors for years. In 2021, Coinbase disclosed that hackers had stolen crypto from about 6,000 users by bypassing multi-factor authentication in a suspected phishing campaign that involved hijacking two-factor authentication SMS messages.
Other incidents have involved hijackers porting phone numbers to intercept one-time passwords, validate transactions, or change account credentials. As a result, many major crypto companies have moved away from SMS-based two-factor authentication, though some still rely on this method.
Practical Tips for Crypto Investors
- Use Hardware Authentication: Consider using hardware-based two-factor authentication methods instead of SMS-based methods.
- Stay Vigilant: Be cautious of SMS notifications and verify their authenticity before taking any action.
- Monitor Account Activity: Regularly check your account for any unusual activity or unauthorized API keys.
- Enable Multi-Factor Authentication: Use multi-factor authentication (MFA) whenever possible to add an extra layer of security.