
OKX Exchange Investigates Multi-Million Dollar Hack Involving SIM Swap Attack

OKX cryptocurrency exchange and its security partner SlowMist are investigating a significant exploit that led to the theft of two user accounts.

The breach, occurring on June 9, involved an SMS attack, commonly referred to as a SIM swap, which was used to steal the accounts. Yu Xian, the founder of SlowMist, reported this incident on X (formerly Twitter).

“The SMS risk notification came from Hong Kong and a new API Key was created (with withdrawal and trading permissions, which is why we suspected a cross-trading intention before, but it seems that it can be ruled out now).”

While the exact amount stolen is unclear, Xian noted that “millions of dollars of assets were stolen.”

SlowMist is still investigating the hacker wallet and the underlying incidents. It appears the vulnerability may not lie with the exchange’s two-factor authentication (2FA) mechanisms.

Xian mentioned, “I haven’t turned on a 2FA authenticator like Google Authenticator, but I’m not sure if this is the key point.”

OKX’s 2FA mechanism reportedly allowed the attackers to switch to a lower-security verification method, enabling them to whitelist withdrawal addresses via SMS verification, according to the Web3 security group Dilation Effect.


More sophisticated hackers have increasingly been bypassing 2FA methods.

For example, a Chinese trader lost $1 million at the beginning of June to a scam involving a promotional Google Chrome plugin called Aggr.

This plugin stole user cookies, which hackers used to bypass passwords and 2FA.

Phishing attacks surged in June following a data breach at CoinGecko’s third-party email management platform, GetResponse.

This breach led to 23,723 phishing emails being sent to victims. Phishing attacks typically aim to steal sensitive information like crypto wallet private keys.

Another form, known as address poisoning scams, tricks investors into sending funds to fraudulent addresses that closely resemble legitimate ones.

Private key and personal data leaks have become the primary causes of crypto-related hacks, as attackers target the easiest vulnerabilities.

According to Merkle Science’s 2024 HackHub report, over 55% of hacked digital assets in 2023 were lost due to private key leaks.

