
OKX DEX falls to exploit: What about your holdings?

Thousands of dollars' worth of crypto was stolen from the DEX aggregator platform OKX DEX.

  • A private key compromise allowed the attacker to transfer tokens without users' authorization.
  • OKX admitted to the exploit and said it would compensate victims.

Crypto funds worth more than $400,000 were stolen from OKX DEX, a decentralized exchange aggregator platform, according to blockchain security firm SlowMist.

Decoding the modus operandi

The exploit was ascribed to a compromise of the management rights of a market maker contract, allowing the attacker to transfer tokens not authorized by the users.

OKX DEX, an offering by popular centralized exchange OKX [OKB], aggregates trading prices across all integrated third-party DEXes and recommends the best trading price to users.

When users want to send tokens, they must approve a TokenApprove contract, which allows the funds to be claimed by the receiver. After this, the claimTokens function of the contract is triggered, which completes the transfer.

However, in the late hours of the 12th of December, a manager of the contract maliciously altered its functionality. This was most likely caused by a leak of the account's private keys.

According to SlowMist, the new implementation bypassed the authorization step, enabling the attacker to directly execute the claimTokens function. As a result, the attacker was able to empty users' wallets of thousands of dollars.

SlowMist flagged the address of the suspected attacker along with the address receiving the proceeds of the hack.
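For teams monitoring approval-style contracts like the one described above, the following added example (not code from OKX, SlowMist or this article) replays decoded events and reports which user allowances were still live when a watched spender contract's logic changed. The event records, account names and the "upgrade" record type are constructed assumptions; the "approval" records mirror the standard ERC-20 Approval(owner, spender, value) event.

```python
from collections import defaultdict

# Constructed, already-decoded event records (not real chain data).
# "approval" mirrors ERC-20 Approval(owner, spender, value); "upgrade" is an
# assumed record for any event that swaps the spender contract's logic.
EVENTS = [
    {"block": 100, "type": "approval", "token": "USDT", "owner": "alice",
     "spender": "TokenApprove", "value": 5000},
    {"block": 110, "type": "approval", "token": "USDT", "owner": "bob",
     "spender": "TokenApprove", "value": 1200},
    {"block": 120, "type": "approval", "token": "USDT", "owner": "bob",
     "spender": "TokenApprove", "value": 0},          # bob revoked in time
    {"block": 130, "type": "approval", "token": "WETH", "owner": "carol",
     "spender": "OtherRouter", "value": 9},           # unrelated spender
    {"block": 200, "type": "upgrade", "contract": "TokenApprove",
     "new_impl": "impl-v2"},
]

def exposure_at_upgrades(events, watched):
    """Return one alert per logic change of a watched spender contract,
    listing every allowance that was still live at that block."""
    live = defaultdict(dict)  # spender -> {(token, owner): allowance}
    alerts = []
    for ev in sorted(events, key=lambda e: e["block"]):
        if ev["type"] == "approval":
            key = (ev["token"], ev["owner"])
            if ev["value"] > 0:
                live[ev["spender"]][key] = ev["value"]   # latest value wins
            else:
                live[ev["spender"]].pop(key, None)       # value 0 = revoked
        elif ev["type"] == "upgrade" and ev["contract"] in watched:
            exposed = dict(live[ev["contract"]])
            alerts.append({
                "block": ev["block"],
                "contract": ev["contract"],
                "new_impl": ev["new_impl"],
                "exposed": exposed,  # kept per token; amounts are not summed
                "owners": sorted({owner for _, owner in exposed}),
            })
    return alerts

if __name__ == "__main__":
    for alert in exposure_at_upgrades(EVENTS, {"TokenApprove"}):
        print(alert)
```

An alert with a non-empty "exposed" map on a contract that is supposed to be retired is the signal to pause the contract and prompt the listed owners to revoke.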

OKX will compensate users

Responding to the claims, OKX admitted to the exploit and linked it to an abandoned DEX contract that was no longer in use. It said that the affected contracts have been deactivated.

The DEX estimated the hacked amount to be around $370,000 and assured affected users of compensation. As for the rest of the user assets, the exchange said that they were safe.

OKX stated that it would undertake a security check on abandoned smart contracts to avoid such problems in the future.

The development reiterated security risks associated with decentralized finance (DeFi) transactions and the need for increased monitoring.

The exploit didn’t seem to materially harm OKX’s native asset, OKB. The exchange token recorded 24-hour gains of 2.9%, AMBCrypto spotted using CoinMarketCap’s data.


Aniket Verma works as a journalist at AMBCrypto. Contrary to most who are primarily interested in merely tracking price movements of cryptos, his focus is on examining the niche intersection between cryptocurrencies and traditional finance. A so-so Bitcoin maximalist, Aniket has a strong disdain for memecoins and the unfounded frenzy they seem to generate every market season. Coming from a strong engineering background, Aniket previously worked as a Content Manager for TV9 Network. Before his stint over there, he was an Associate Multimedia News Producer at Reuters.
