The OKX cryptocurrency exchange and security partner SlowMist are investigating a multi-million dollar exploit that resulted in two stolen user accounts.
The investigation pertains to the theft of two OKX exchange accounts on June 9 through an SMS attack, also known as a SIM swap. This information was reported by Yu Xian, founder of SlowMist, in a post on X.
“The SMS risk notification came from Hong Kong and a new API Key was created (with withdrawal and trading permissions, which is why we suspected a cross-trading intention before, but it seems that it can be ruled out now).”
While the amount stolen through the attack is unclear, Xian wrote that “millions of dollars of assets were stolen.”
Related: Crypto hacks soar to $19B in 13 years: Crystal Intelligence
2FA was not the main issue behind the attack: SlowMist
While onchain security firm SlowMist is still investigating the hacker wallet and the underlying incidents, the exchange’s two-factor authentication (2FA) mechanisms may not be the main point of vulnerability.
In a June 9 X post, SlowMist founder Xian wrote:
“I haven’t turned on a 2FA authenticator like Google Authenticator, but I’m not sure if this is the key point.”
Cointelegraph has approached OKX and SlowMist for comment.
OKX’s 2FA mechanism allowed the attackers to switch to a low-security verification method, which allowed them to whitelist withdrawal addresses via SMS verification, according to an analysis by Web3 security group Dilation Effect.
However, more sophisticated hackers have recently been bypassing 2FA verification methods. At the beginning of June, a Chinese trader lost $1 million to a scam that used a promotional Google Chrome plugin called Aggr. The plugin steals user cookies, which are used by hackers to bypass passwords and 2FA authentication.
Related: Crypto hacks increase in 2024, but smart contracts are not to blame
Phishing attacks are on the rise
Phishing attacks were on the rise in June after CoinGecko confirmed a data breach suffered by its third-party email management platform, GetResponse. The breach led to the attacker sending 23,723 phishing emails to victims.
Phishing attacks involve hackers aiming to steal sensitive information like crypto wallet private keys. Other phishing attacks, known as address poisoning scams, aim to trick investors into willingly sending funds to a fraudulent address similar to addresses they previously interacted with.
Private key and personal data leaks have become the biggest reason behind crypto-related hacks, as exploiters are targeting the lowest-hanging fruit.
Over 55% of hacked digital assets were lost to private key leaks during 2023, according to Merkle Science’s 2024 HackHub report.