The decentralized platform OKX DEX has been hacked for $2.7 million after the proxy administrator performed an upgrade for a new implementation contract.
Some hackers have managed to get their hands on the private keys of DEX, taking away several cryptocurrencies, including WETH, USDC, USDT, ELON, BTT, SHIB, and many others.
The security company PeckShield has publicly advised X to revoke any type of smart contract approval on the decentralized exchange of OKX, in order to avoid further capital outflows.
Although the funds have been identified and are under the control of experts, the identity of the hacker has not yet been discovered.
Let’s see all the details below.
Hack on the OKX DEX platform results in a loss of $2.7 million
Last night, the decentralized cryptocurrency exchange OKX DEX was hit by a hacking attack that resulted in the loss of $2.7 million in digital assets.
This morning, the official Chinese profile of the platform declared in a post on X that the incident was caused by the theft of management rights of an abandoned market maker DEX that is no longer in use.
Basically, the hack was launched while the DEX proxy administrator was updating a new implementation contract.
All losses suffered by users will be covered by the exchange itself given its clear responsibility in the incident.
According to what is reported by OKX Chinese, the total loss is 370,000 dollars but the cybersecurity company PeckShield calculates a theft of 2.7 million dollars.
Quest’ultima ha raccomandato a tutti gli utenti di OKX DEX di rimuovere l’approvazione a qualsiasi contratto intelligente del protocollo, evitando ulteriori danni.
The latter has recommended to all OKX DEX users to remove approval for any smart contract of the protocol, avoiding further damages.
To revoke a contract, simply go to “Revoke.cash“, enter your cryptographic address in the search bar, and remove the permissions that are at risk of being hacked.
By analyzing the balances of the addresses reported by PeckShield, we can see how one of the main addresses responsible for the hack has withdrawn 799 WETH, 475,000 USDC, and 142,000 USDT from the DEX, before distributing these funds to 4 different accounts.
Another address would have executed the claim directly from the DEX proxy contract for a total value of 425,000 dollars, divided into many tokens ELON, BTT, SHIB, PEPE, SIDUS, AGRS, FROGE, and many others.
All these coins have not been sold yet and before doing so, the hacker will have to transfer some fraction of ETH to the address in question since it is currently lacking funds to pay for network gas.
It will be interesting to see who will finance the wallet for the gas fees, and where these tokens will end up.
The incident on the OKX DEX reminds us how vulnerable web3 platforms are and how decentralization can be a double-edged sword, which several malicious actors now know how to exploit skillfully.
Only in 2023, the money lost from this type of applications amounts to over 1.5 billion dollars due to hacks, scams, and exploits.
In the fourth quarter, the most serious cybercrimes against Poloniex and the Heco Chain Bridge resulted in losses of 100 and 80 million dollars respectively.
The OKX one represents only the tip of a much deeper iceberg.
The rise of OKX in the crypto exchange sector
Despite the hack suffered by its DEX, OKX company represents one of the strongest and fastest-growing entities in recent years with strongly growing metrics.
Currently, the exchange in its centralized version ranks third in terms of market volumes registered in the last 24 hours, behind only Binance and Upbit for spot exchanges, and Binance and Bybit for derivatives.
According to The Block data, in November 2023 the platform achieved a spot volume of over 60 billion dollars for a market share of 7.29% compared to the total value of all cryptocurrency exchanges that recorded a total volume of 826 billion dollars.
Founded in January 2017 by Star Xu under the previous name of OKeX, today the exchange plays a central role in the cryptocurrency industry, serving a whopping 50 million users.
With offices in Dubai, Hong Kong, Silicon Valley, Singapore, and Sydney, OKX can be considered a globally operating company.
After obtaining the license to operate in the United Arab Emirates in July 2022, the exchange is seeking to expand its presence in financial markets worldwide.
Currently, it boasts partnerships with successful brands and sports teams such as
Manchester City, McLaren, and the Australian Olympic team.
From 2018 to 2022, OKX has seen moderate growth in its business, with an explosion in the current year where Binance started losing ground to other competitors after some issues related to regulation and after FTX miserably collapsed due to fraudulent bankruptcy.
The cryptocurrency exchange holds the record as the largest exchange for clean asset reserves, highlighting a weak dependence of the platform on its native token OKB
The fortunes of Binance’s finances, on the other hand, depend much more on the performance of the BNB market.
OKX also presents with a reserve rate of BTC held by users equal to 102% in order to intervene in case of serious damages or unforeseen events.
It is also worth noting that it is a leader in the sector of offshore crypto exchanges with a market share of 11%, doubled compared to January.
Source: https://en.cryptonomist.ch/2023/12/13/okx-dex-falls-victim-to-a-hack-and-loses-2-7-million-after-a-proxy-contract-update/