by BSCN
June 10, 2024
Blockchain reporter Wu Blockchain revealed serious security flaws in OKX's system, including the ability to bypass Google Authenticator verification.
Wu Blockchain, an independent blockchain journalist, reported shortcomings in the security settings of the crypto exchange OKX.
OKX recently suffered a significant security breach involving its SMS notification system.
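We take very seriously the reports circulating online today that "exchange users' assets were stolen." We have contacted the affected users and are currently investigating the matter. If it is ultimately determined to be the platform's responsibility, the platform will take the initiative to bear it. In addition, we will publish the results as soon as the investigation concludes; please be patient and stop unnecessary speculation. Thank you for your support.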
— OKX中文 (@okxchinese) June 9, 2024
Attackers reportedly exploited this vulnerability, allowing them to create new API keys with permissions to withdraw and trade. Many users have experienced thefts as a result.
This incident at OKX is not isolated. Binance, another major exchange, has recently experienced a similar security breach.
Per reports, OKX is conducting a thorough investigation, reaching out to affected users, and promising full accountability if found at fault.
The exchange requested patience during the investigation process and recommended enabling two-factor authentication (2FA) to prevent further breaches. Despite these reassurances, the security shortcomings revealed are causing concern among users and industry observers.
Blockchain reporter Wu Blockchain conducted an analysis revealing ‘serious shortcomings’ in OKX's security settings. These include:
OKX allows switching to lower security verification methods, such as SMS, during sensitive operations like adding a whitelist address, withdrawals, and various verification changes. This bypasses Google Authenticator (GA) verification, undermining its security benefits.
OKX does not trigger a 24-hour withdrawal ban for sensitive operations such as disabling phone verification, disabling GA verification, and changing the login password. Withdrawal bans only apply when logging in on a new device. This represents a compromise in risk control measures for password changes.
Withdrawals to whitelisted addresses are not subject to dynamic verification based on withdrawal amounts. Withdrawals up to the limit can proceed without further verification after an address is added to the whitelist. Other exchanges set limits requiring re-verification for larger amounts, providing an additional layer of security.
According to Wu Blockchain, the current shortcomings have exposed users to significant risks.
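As an added illustration (not code from OKX, Wu Blockchain, or this article), the three controls the analysis describes as missing can be expressed as a single withdrawal policy check. The factor rankings, event names, and the 1,000 step-up threshold are assumptions chosen for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed values for illustration; not any exchange's real settings.
FACTOR_STRENGTH = {"sms": 1, "email": 1, "totp": 2}  # totp = Google Authenticator
SENSITIVE_EVENTS = {"disable_phone", "disable_totp", "change_password",
                    "new_device_login"}
HOLD = timedelta(hours=24)
STEP_UP_AMOUNT = 1_000  # hypothetical per-withdrawal threshold


@dataclass
class Account:
    enrolled: set                                  # factors the user has enabled
    whitelist: set = field(default_factory=set)    # approved withdrawal addresses
    events: list = field(default_factory=list)     # (timestamp, event_name)


def required_strength(acct):
    """Strength of the strongest enrolled factor (0 if none enrolled)."""
    return max((FACTOR_STRENGTH[f] for f in acct.enrolled), default=0)


def check_withdrawal(acct, address, amount, presented, now,
                     fresh_verification=False):
    """Return (allowed, reason) for one withdrawal request."""
    # Finding 1: a weaker factor (SMS) may not stand in for an enrolled GA.
    if FACTOR_STRENGTH.get(presented, 0) < required_strength(acct):
        return False, "factor_downgrade"
    # Finding 2: any recent security-setting change starts a 24-hour hold,
    # not only a login from a new device.
    for ts, name in acct.events:
        if name in SENSITIVE_EVENTS and now - ts < HOLD:
            return False, "withdrawal_hold"
    if address not in acct.whitelist:
        return False, "address_not_whitelisted"
    # Finding 3: whitelisting does not waive re-verification for large amounts.
    if amount >= STEP_UP_AMOUNT and not fresh_verification:
        return False, "step_up_required"
    return True, "ok"
```
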