by BSCN
June 10, 2024
Blockchain reporter Wu Blockchain revealed serious security flaws in OKX's system, including the ability to bypass Google Authenticator verification.
Wu Blockchain, an independent blockchain journalist, reported shortcomings in the security settings of the crypto exchange OKX.
OKX recently suffered a significant security breach involving its SMS notification system.
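We take very seriously the reports circulating online today about "exchange users' assets being stolen." We have contacted the users concerned and are currently investigating the matter. If it is ultimately determined that the platform is responsible, the platform will proactively take responsibility. In addition, we will publish the results as soon as the investigation concludes. Please be patient and refrain from unnecessary speculation. Thank you for your support.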
— OKX中文 (@okxchinese) June 9, 2024
Attackers reportedly exploited this vulnerability, allowing them to create new API keys with permissions to withdraw and trade. Many users have experienced thefts as a result.
This incident at OKX is not isolated. Binance, another major exchange, has recently experienced a similar security breach.
Per reports, OKX is conducting a thorough investigation, reaching out to affected users, and promising full accountability if found at fault.
The exchange requested patience during the investigation process and recommended enabling two-factor authentication (2FA) to prevent further breaches. Despite these reassurances, the security shortcomings revealed are causing concern among users and industry observers.
Blockchain reporter Wu Blockchain conducted an analysis revealing ‘serious shortcomings’ in OKX's security settings. These include:
OKX allows switching to lower security verification methods, such as SMS, during sensitive operations like adding a whitelist address, withdrawals, and various verification changes. This bypasses Google Authenticator (GA) verification, undermining its security benefits.
OKX does not trigger a 24-hour withdrawal ban for sensitive operations such as disabling phone verification, disabling GA verification, and changing the login password. Withdrawal bans only apply when logging in on a new device. This represents a compromise in risk control measures for password changes.
Withdrawals to whitelisted addresses are not subject to dynamic verification based on withdrawal amounts. Withdrawals up to the limit can proceed without further verification after an address is added to the whitelist. Other exchanges set limits requiring re-verification for larger amounts, providing an additional layer of security.
According to Wu Blockchain, the current shortcomings have exposed users to significant risks.
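The three shortcomings listed above map onto three checks a withdrawal risk-control layer can enforce. The sketch below is an added example, not OKX's or any exchange's code; the event names, factor strengths and the 1,000 threshold are assumptions, and only the 24-hour hold figure comes from the article.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed policy values; only the 24-hour figure comes from the article.
HOLD = timedelta(hours=24)
STEP_UP_AMOUNT = 1_000                  # hypothetical re-verification threshold
STRENGTH = {"sms": 1, "totp": 2}        # totp = Google Authenticator (GA)
SENSITIVE = {"disable_phone", "disable_totp", "change_password", "new_device_login"}

@dataclass
class Account:
    enrolled: set                                  # factors the user has enabled
    events: list = field(default_factory=list)     # (event_name, datetime) pairs

def hold_until(acct):
    """End of the withdrawal hold, or None if no sensitive event is on record."""
    times = [t for name, t in acct.events if name in SENSITIVE]
    return max(times) + HOLD if times else None

def check_withdrawal(acct, amount, whitelisted, factor_used, now):
    """Return (allowed, reason) for one withdrawal request."""
    until = hold_until(acct)
    if until is not None and now < until:
        return False, "withdrawal_hold"        # second shortcoming: hold after any sensitive change
    if whitelisted and amount < STEP_UP_AMOUNT:
        return True, "ok"                      # small transfer to a known address
    if factor_used is None:
        return False, "step_up_required"       # third shortcoming: amount-based re-verification
    need = max((STRENGTH.get(f, 0) for f in acct.enrolled), default=0)
    if STRENGTH.get(factor_used, 0) < need:
        return False, "factor_downgrade"       # first shortcoming: no fallback from GA to SMS
    return True, "ok"

if __name__ == "__main__":
    now = datetime(2024, 6, 10, 12, 0)         # constructed sample data
    acct = Account(enrolled={"sms", "totp"})
    print(check_withdrawal(acct, 5_000, True, "sms", now))
    acct.events.append(("change_password", now))
    print(check_withdrawal(acct, 5_000, True, "totp", now))
```

The required factor is derived from what the account has enrolled, so an account with GA enabled cannot complete a large withdrawal with an SMS code alone.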