Connect with us
Active Currencies 14055
Market Cap $2,345,524,395,084.72
Bitcoin Share 50.04%
24h Market Cap Change $3.38
News

OKX DEX falls to exploit: What about your holdings?

2min Read

Thousands of dollars worth of cryptos were stolen from DEX aggregator platform, OKX DEX.
Posted:
Avatar
Journalist
OKX DEX falls to exploit: What about your holdings?
Avatar
Journalist
Posted:

Share this article

  • A private key compromise allowed the attacker to transfer unauthorized tokens.
  • OKX admitted to the exploit and said it would compensate victims.

Crypto funds worth more than $400,000 were stolen from OKX DEX, a decentralized exchange aggregator platform, according to blockchain security firm SlowMist.

Decoding the modus operandi

The exploit was ascribed to a compromise of the management rights of a market maker contract, allowing the attacker to transfer tokens not authorized by the users.

OKX DEX, an offering by popular centralized exchange OKX [OKB], combines the different trading prices through all integrated third-party DEXes and recommends the best trading price to users.

When users want to send tokens, they must approve a TokenApprove contract, which allows the funds to be claimed by the receiver. After this, the claimTokens function of the contract is triggered, which completes the transfer.

However, in the late hours of the 12th of December, a manager of the contract mischievously altered the functionality. This was most likely caused by the leak of the account’s private keys.

According to SlowMist, the new implementation surpassed the authorizing part, enabling the attacker to directly execute the claimTokens function. As a result, the attacker was able to empty users’ wallets of thousands of dollars.

SlowMist flagged the address of the suspected attacker along with the address where the hack proceeds were going to.

OKX will compensate users

Responding to the claims, OKX admitted to the exploit and linked it with an abandoned DEX contract which was no longer in use. However, it said that the affected contracts have been deactivated.

The DEX estimated the hacked amount to be around $370,000 and assured affected users of compensation. As for the rest of the user assets, the exchange said that they were safe.

OKX stated that it would undertake a security check on abandoned smart contracts to avoid such problems in the future.

The development reiterated security risks associated with decentralized finance (DeFi) transactions and the need for increased monitoring.

The exploit didn’t seem to materially harm OKX’s native asset, OKB. The exchange token recorded 24-hour gains of 2.9%, AMBCrypto spotted using CoinMarketCap’s data.

 

Previous:
Next:

Share

Avatar
Aniket Verma works as a journalist at AMBCrypto. Contrary to most who are primarily interested in merely tracking price movements of cryptos, his focus is on examining the niche intersection between cryptocurrencies and traditional finance. A so-so Bitcoin maximalist, Aniket has a strong disdain for memecoins and the unfounded frenzy they seem to generate every market season. Coming from a strong engineering background, Aniket previously worked as a Content Manager for TV9 Network. Before his stint over there, he was an Associate Multimedia News Producer at Reuters.
Read the best crypto stories of the day in less than 5 minutes
Subscribe to get it daily in your inbox.
Please check the format of your first name and/or email address.

Thank you for subscribing to Unhashed.