OKX to reimburse $430k stolen by hackers

OKX ($OKB) has suffered a security breach in its decentralized exchange (DEX), resulting in the theft of over $400,000. The exchange has committed to compensating the affected users and is taking steps to strengthen its security measures.

The OKX breach was initially reported by blockchain security firm SlowMist, which indicated a possible leak of the proxy admin owner’s private key. 

Crypto insights firm Scopescan confirmed that users had reported an exploit event on the OKX DEX contract. 

OKX responded: “The old abandoned MM contract was attacked, and the attack has been located and stopped. The losses of the users involved will be fully borne.”

What caused the OKX exploit?

According to SlowMist, the exploit occurred during the token exchange process. This is where users authorise a TokenApprove contract, and the DEX contract transfers the tokens requested. 

A function named claimTokens in this contract, which allows a trusted DEX Proxy to make calls, was central to the exploit. The DEX Proxy is managed by the Proxy Admin, who can upgrade the DEX Proxy contract.

On 12 December, the DEX Proxy contract was upgraded to a new implementation contract. This new contract could directly call the claimTokens function of the DEX contract to transfer tokens. Attackers exploited this to begin stealing tokens. 

SlowMist stated that the attackers had profited approximately $430,000. This figure was supported by the wallet address associated with the attacker on Etherscan.

SlowMist suggested that the leak of the Proxy Admin Owner’s private key might have led to this DeFi exploit. They also reported that the DEX Proxy had been removed from the trusted list.
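The trust chain described above (TokenApprove trusts the DEX Proxy, and the Proxy Admin can swap the code behind it) can be watched from the defender's side. The following monitor is an added example, not code from OKX or SlowMist; the event fields, the names, and the allowlist of reviewed implementations are assumptions, and the sample events are constructed.

```python
# Constructed sample events; names and amounts are placeholders, not on-chain data.
EVENTS = [
    {"block": 100, "type": "upgrade", "proxy": "DEX_PROXY", "impl": "IMPL_REVIEWED"},
    {"block": 120, "type": "claimTokens", "caller": "DEX_PROXY", "owner": "user_a", "amount": 50},
    {"block": 200, "type": "upgrade", "proxy": "DEX_PROXY", "impl": "IMPL_UNKNOWN"},
    {"block": 201, "type": "claimTokens", "caller": "DEX_PROXY", "owner": "user_b", "amount": 900},
    {"block": 202, "type": "claimTokens", "caller": "DEX_PROXY", "owner": "user_c", "amount": 700},
    {"block": 210, "type": "claimTokens", "caller": "STRANGER", "owner": "user_d", "amount": 10},
]
TRUSTED_PROXIES = {"DEX_PROXY"}      # callers TokenApprove lets invoke claimTokens
REVIEWED_IMPLS = {"IMPL_REVIEWED"}   # assumption: implementations that passed review


def monitor(events, trusted, reviewed):
    """Replay events in block order and flag claimTokens calls that reach
    TokenApprove through a trusted proxy running an unreviewed implementation."""
    impl_of = {}          # proxy -> implementation currently behind it
    alerts = []           # (block, rule, subject)
    exposure = 0          # tokens moved via unreviewed implementations
    to_untrust = set()    # proxies to drop from the trusted list
    for ev in sorted(events, key=lambda e: e["block"]):
        if ev["type"] == "upgrade":
            impl_of[ev["proxy"]] = ev["impl"]
            if ev["proxy"] in trusted and ev["impl"] not in reviewed:
                alerts.append((ev["block"], "UNREVIEWED_UPGRADE", ev["proxy"]))
                to_untrust.add(ev["proxy"])
        elif ev["type"] == "claimTokens":
            caller = ev["caller"]
            if caller not in trusted:
                # Caller is not on the trusted list at all.
                alerts.append((ev["block"], "UNTRUSTED_CALLER", caller))
            elif impl_of.get(caller) not in reviewed:
                # Fail closed: an unknown implementation counts as unreviewed.
                alerts.append((ev["block"], "CLAIM_VIA_UNREVIEWED_IMPL", ev["owner"]))
                exposure += ev["amount"]
    return {"alerts": alerts, "exposure": exposure, "to_untrust": sorted(to_untrust)}


if __name__ == "__main__":
    report = monitor(EVENTS, TRUSTED_PROXIES, REVIEWED_IMPLS)
    for alert in report["alerts"]:
        print(alert)
    print("exposure:", report["exposure"], "untrust:", report["to_untrust"])
```

The upgrade alert fires before any tokens move, which is the point at which removing the proxy from the trusted list still prevents loss.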

OKX’s response to the hack

Following the incident, OKX acknowledged the exploit, linking it to an abandoned DEX contract that was no longer in use. The exchange has deactivated the affected contracts and announced on social media app X that “judicial procedures” would be initiated to recover the losses. 

OKX also committed to conducting a security self-examination and reorganising all related abandoned contracts to prevent similar incidents in the future.

The exchange added: “We sincerely apologise for the inconvenience caused to you.”

The breach at OKX DEX adds to a growing list of DeFi exploits witnessed this year. Notable incidents include major attacks on HTX and Heco Bridge.

Recent victims include Florence Finance, which suffered a loss of $1.45 million in an address poisoning attack, while KyberSwap faced a massive $45 million hack in November.

About Author

Raphael

Interested in telling innovative crypto stories, Raphael is experienced in covering all things metaverse, blockchain and DeFi. He has previously contributed news stories, features and videos to a range of publications, including Insider and Capital.com.