OKX Becomes Latest Victim Crypto Theft As SMS Notification Security Fails

The total number of crypto theft incidents has been rising once again with hackers adopting innovative methods to siphon off user funds. In the latest development, users of the crypto exchange OKX reported major theft while breaching through the SMS notification security of the platform.

OKX Exchange Accounts Compromised

On Sunday morning, SlowMist reported that two different victims had their OKX exchange accounts stolen using surprisingly similar methods and features. According to SlowMist, both incidents involved SMS risk notifications originating from “Hong Kong” and the creation of new API keys with withdrawal and trading permissions. Initially suspected to be cross-trading attempts, this theory has since been ruled out. Last week, a Binance user faced similar theft losing over $1 million in crypto due to a cross-trading plugin.

The attacks were carried out by a premeditated gang in a concentrated manner. SlowMist’s tracking team, MistTrack, is actively monitoring the hacker wallet addresses involved in both incidents and will continue to provide updates. However, specific details of the incidents will not be disclosed without the victims’ consent.

Notably, 2FA authentication tools like Google Authenticator were not enabled by the victims, though it remains uncertain if this is the key factor in the breaches. SlowMist advises against panic, suggesting that a larger impact would likely result in more exaggerated related events.

Crypto Exchange Takes Responsibility

OKX, a leading cryptocurrency exchange, has responded to reports of stolen user assets circulating online today. The exchange has initiated contact with the affected users and is actively investigating the incidents.

In a statement, OKX emphasized its commitment to resolving the issue, assuring that if the platform is found responsible, it will take full responsibility for the losses. The exchange has promised to announce the investigation results as soon as they are available and urged users to remain patient and refrain from unnecessary speculation.

During the Binance attack, the crypto hacker employed a sophisticated method to manipulate his account and evade detection. By holding his web cookies hostage, the hacker executed large trades in the USDT trading pair, which has high liquidity. Additionally, the hacker placed limit sell orders at inflated prices in pairs with scarce liquidity. This strategy enabled the hacker to profit significantly without triggering any security alerts from Binance.