A flaw in the two-factor authentication (2FA) security system used by crypto and derivatives exchange OKX has reportedly been found after two users reported that their accounts had been hacked and their funds drained in a suspected SIM-swapping attack.
The founder of blockchain security firm SlowMist, Yu Xian, reported that the users received SMS risk notifications from Hong Kong before a new API key was created as part of their account authentication process.
Following up on these reports, security analysts Dilation Effect (DE) claim to have found a flaw in OKX's authentication system. It said that users are able to switch from 2FA to 'lower security verification methods,' such as SMS verification, during OKX's sensitive user operations.
Such sensitive actions include withdrawals, whitelisting addresses, changing the login password, and disabling 2FA verification. DE says these actions don't trigger a 24-hour withdrawal ban and that a ban is only triggered when logging in from a new device.
Moreover, if an address is whitelisted, DE claims large amounts of crypto can be withdrawn without the need for additional verification. “This quick analysis reveals that OKX’s security settings lack baseline design. Possibly to enhance user experience, OKX has made significant compromises in security,” DE said.
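To make the design point concrete, here is an added example (constructed for this article, not OKX's or DE's code) that models the reported step-down behaviour beside a hardened policy: sensitive actions must use the strongest enrolled factor, and whitelist or 2FA changes start the same 24-hour withdrawal hold that a new-device login does. Factor names, strengths and the `Account` model are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Set

# Assumed ranking of authentication factors (higher is stronger).
STRENGTH = {"sms": 1, "totp": 2, "passkey": 3}
# The sensitive operations named in the report.
SENSITIVE = {"withdraw", "whitelist_address", "change_password", "disable_2fa"}
# Operations that change the account's trust posture and should start a hold.
HOLD_TRIGGERS = {"whitelist_address", "change_password", "disable_2fa"}
HOLD = timedelta(hours=24)


@dataclass
class Account:
    enrolled: Set[str]                              # factors the user has set up
    withdraw_hold_until: Optional[datetime] = None  # end of the withdrawal hold


def weak_authorize(acct: Account, action: str, factor: str, now: datetime) -> bool:
    """Reported behaviour: any enrolled factor satisfies any action, so a
    SIM-swapped 'sms' factor is enough, and no hold is started."""
    return factor in acct.enrolled


def hardened_authorize(acct: Account, action: str, factor: str, now: datetime) -> bool:
    """Refuse downgrades for sensitive actions and apply a 24h withdrawal hold
    after any change to the whitelist, password or 2FA configuration."""
    if factor not in acct.enrolled:
        return False
    if action not in SENSITIVE:
        return True
    strongest = max(acct.enrolled, key=STRENGTH.__getitem__)
    if STRENGTH[factor] < STRENGTH[strongest]:
        return False  # e.g. SMS offered while TOTP is enrolled
    if action == "withdraw" and acct.withdraw_hold_until and now < acct.withdraw_hold_until:
        return False  # still inside the hold window
    if action in HOLD_TRIGGERS:
        acct.withdraw_hold_until = now + HOLD
    return True


def sim_swap_drain_possible(authorize) -> bool:
    """Constructed scenario: attacker controls only the SMS factor of an account
    that also has TOTP enrolled, and tries whitelist then immediate withdraw."""
    acct = Account(enrolled={"sms", "totp"})
    now = datetime(2024, 6, 1, 12, 0)
    return (authorize(acct, "whitelist_address", "sms", now)
            and authorize(acct, "withdraw", "sms", now))
```

`sim_swap_drain_possible(weak_authorize)` is True, while the hardened policy rejects the SMS step-down and, even with the legitimate TOTP factor, blocks withdrawals until the hold expires.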
However, Yu said he was unsure whether Google's authenticator is the 'key point' in this attack, adding, “There’s no need to panic. If the impact is large, the performance of related events should be more exaggerated. Let’s wait for more disclosures.”
SlowMist says it is monitoring the wallets of the hacker behind the breach of the two accounts and has asked anyone suffering a similar exploit to contact them.