Hacking and security breaches are not new to crypto, and OKX is the main target this time. The platform reported a severe Remote Code Execution (RCE) vulnerability in the OKX iOS applications. The same was confirmed by CertiK earlier this month.
The Critical Vulnerability and OKX’s Response
A post from CertiK on the X platform on December 19, 2023, sought the attention of crypto enthusiasts, mainly OKX holders. The post told OKX wallet users to update the iOS apps to the latest version immediately.
Earlier this month, the critical Remote Code Execution (RCE) vulnerability in the application was identified and reported by the blockchain security firm. Now, the firm has urged users to update to avoid being exposed to a potential security flaw.
An RCE vulnerability allows hackers to run malicious code on a firm’s network or system, which may result in data breaches or stolen funds.
Outdated versions of the OKX iOS application posed a risk of compromise of sensitive data and crypto assets. Also, on December 13, OKX’s decentralized exchange suffered a $2.7 million hack due to the leak of the private key of the proxy admin owner.
The situation created a tense environment in the OKX office and heightened the worries of OKX holders.
To recover from the situation and address the issue, OKX released the latest version, 6.45.0. Following the update, CertiK asked OKX wallet holders to update the iOS application to the latest version, in which the vulnerability has been resolved.
However, the announcement sparked controversy over the timing of the disclosure and raised concerns about holders’ data and crypto assets.
What About The User’s Funds?
Incidents like hacks and attacks are quite rare, though recent months show a rising trend of hackers targeting crypto platforms and wallets. Surprisingly, no major losses were reported in the case of OKX.
The crypto exchange assured users that no assets were lost, and the same was confirmed on its Chinese social media page.
“The major impact of the bug was detected on a third-party application service offerer and no harm was reported to users’ funds,” stated OKX. The bug didn’t pose a threat to the safety of user assets. However, updating the application to the latest version will help ensure fund security.
In addition, OKX’s response to the critical vulnerability and CertiK’s quick disclosure did not sit well with MetaMask’s lead, Tay Monahan.
“The post from OKX urges a critical update; the bug has been disclosed no more than eight days after the fix’s release,” said Tay Monahan. The update is leaving users who do not quickly update at risk, she added. According to Tay, the action shows a lack of clarity, as details in the App Store do not show which version actually contains the fix.
Steefan George is a crypto and blockchain enthusiast, with a remarkable grasp on market and technology. Having a graduate degree in computer science and an MBA in BFSI, he is an excellent technology writer at The Coin Republic. He is passionate about getting a billion of the human population onto Web3. His principle is to write like “explaining to a 6-year old”, so that a layman can learn the potential of, and get benefitted from this revolutionary technology.
Source: https://www.thecoinrepublic.com/2023/12/20/okx-addresses-security-flaws-in-ios-certik-warned-for-update/