Connect with us
Active Currencies 12999
Market Cap $2,454,209,930,043.10
Bitcoin Share 49.67%
24h Market Cap Change $0.93

OKX DEX falls to exploit: What about your holdings?

2min Read

Thousands of dollars worth of cryptos were stolen from DEX aggregator platform, OKX DEX.

OKX DEX falls to exploit: What about your holdings?

Share this article



  • A private key compromise allowed the attacker to transfer unauthorized tokens.
  • OKX admitted to the exploit and said it would compensate victims.

Crypto funds worth more than $400,000 were stolen from OKX DEX, a decentralized exchange aggregator platform, according to blockchain security firm SlowMist.

Decoding the modus operandi

The exploit was ascribed to a compromise of the management rights of a market maker contract, allowing the attacker to transfer tokens not authorized by the users.

OKX DEX, an offering by popular centralized exchange OKX [OKB], combines the different trading prices through all integrated third-party DEXes and recommends the best trading price to users.

When users want to send tokens, they must approve a TokenApprove contract, which allows the funds to be claimed by the receiver. After this, the claimTokens function of the contract is triggered, which completes the transfer.

However, in the late hours of the 12th of December, a manager of the contract mischievously altered the functionality. This was most likely caused by the leak of the account’s private keys.


According to SlowMist, the new implementation surpassed the authorizing part, enabling the attacker to directly execute the claimTokens function. As a result, the attacker was able to empty users’ wallets of thousands of dollars.

SlowMist flagged the address of the suspected attacker along with the address where the hack proceeds were going to.

OKX will compensate users

Responding to the claims, OKX admitted to the exploit and linked it with an abandoned DEX contract which was no longer in use. However, it said that the affected contracts have been deactivated.

The DEX estimated the hacked amount to be around $370,000 and assured affected users of compensation. As for the rest of the user assets, the exchange said that they were safe.

OKX stated that it would undertake a security check on abandoned smart contracts to avoid such problems in the future.

The development reiterated security risks associated with decentralized finance (DeFi) transactions and the need for increased monitoring.

The exploit didn’t seem to materially harm OKX’s native asset, OKB. The exchange token recorded 24-hour gains of 2.9%, AMBCrypto spotted using CoinMarketCap’s data.


Share

Aniket is a full-time journalist at AMB Crypto. With experience in news publishing and content management, he is now increasingly tangled up in the web of cryptocurrencies and blockchains. His focus lies on the intersection between cryptos and traditional finance. He prefers DC over Marvel, cats over dogs and Hyderabadi Biryani over Kolkata Biryani.
Read the best crypto stories of the day in less than 5 minutes
Subscribe to get it daily in your inbox.
Please check the format of your first name and/or email address.

Thank you for subscribing to Unhashed.