BanklessTimes
Home News OKX Hacked for $2.7M After Proxy Admin Private Key is Leaked

OKX Hacked for $2.7M After Proxy Admin Private Key is Leaked

Daniela Kirova
Daniela Kirova
Daniela Kirova
Author:
Daniela Kirova
Writer
Daniela is a writer at Bankless Times, covering the latest news on the cryptocurrency market and blockchain industry. She has over 15 years of experience as a writer, having ghostwritten for several online publications in the financial sector.
December 13th, 2023
  • A user started stealing tokens after the proxy admin upgraded OKX’s proxy contract
  • OKX assures its loyal customers it will cover all losses resulting from the exploit
  • Crypto industry lost $1.5 billion to hacks and exploits from January to September 2023

Leading decentralized exchange (DEX) OKX fell victim to a $2.7 million exploit on Dec. 13 after a proxy admin owner’s private key was reportedly leaked, Cointelegraph wrote, citing a Dec. 13 post on X by blockchain sleuth SlowMist Zone.

Token theft started a day earlier

The security firm laconically posted that OKX had “encountered an issue,” which started on Dec. 12 according to their report. A user started stealing tokens at around 10:30 pm, after the proxy admin had upgraded OKX’s proxy contract to a new implementation one.

About an hour and a half later, the proxy admin owner upgraded the contract again, and the user continued stealing cryptocurrency. At the time, SlowMist reported that the attack could have been a consequence of a leak of the proxy admin owner’s key.

In the early hours of Dec. 13, the DEX proxy was removed from OKX’s trusted list.

Attack on an old, abandoned contract

Blockchain analysis firm Scopescan reported the attack as well, citing information from users. OKX reportedly told Scopescan that the cybercriminal had attacked an old, abandoned contract, but the vulnerability was identified and remedied.

OKX will cover the losses

OKX assures its loyal customers that it will cover all losses resulting from the exploit. Blockchain sleuth PeckShield posted on X that OKX had lost a total of $2.7 million in different cryptocurrencies in the attack. PeckShield advised users to revoke any existing permits.

The crypto industry lost $1.5B to hacks in 2023

The crypto industry lost $1.5 billion to scams, hacks, and exploits between January and September 2023 according to CertiK cofounder Ronghui Gu. The fourth quarter of the year does not forebode any improvement, with Poloniex losing crypto worth $100 million and a recent hack costing HECO Chain bridge over $80 million.

Contributors

Daniela Kirova
Writer
Daniela is a writer at Bankless Times, covering the latest news on the cryptocurrency market and blockchain industry. She has over 15 years of experience as a writer, having ghostwritten for several online publications in the financial sector.