Private Key Leak Triggers $2.7 Million Exploit on OKX Platform

By Ben Knight, December 14, 2023
  • Leaked private keys from an OKX smart contract allowed an attacker to steal USD $2.7 million worth of funds.
  • OKX has promised to cover losses of those affected by the breach.
  • The hack has highlighted the potential vulnerability of decentralised platforms despite their user control advantages.

OKX, a decentralised exchange (DEX), renowned for facilitating low-fee, high-liquidity asset swaps, has been hacked to the tune of USD $2.7 million (AUD $4.05 million). The breach was revealed on December 13th by blockchain security team SlowMist, who took to X (formerly Twitter) to announce the news.

Proxy Admin Owner Private Keys Stolen

The loophole in an OKX smart contract allegedly originated with the leak of the “Proxy Admin Owner’s” private keys. The hacker, now with access to the contract, quickly upgraded the capabilities of the DEX Proxy Admin. Significantly, they enabled the “claimTokens” function, which essentially allows the contract owner to approve token swaps that would otherwise be declined.

A few hours later, as OKX scrambled to retain control of the smart contract, the hacker upgraded the contract once again to re-enable the claimTokens ability. A wide range of cryptocurrencies, including USDC, USDT, SHIBA INU and more, were stolen from the OKX liquidity pools across 31 independent transactions into the same wallet (now referred to as OKX Exploiter 2).

OKX To Fully Reimburse Victims

OKX was quick to stem the bleeding before things got out of hand, but the million-dollar loss of funds is nothing to sneeze at. However, the exchange plans to remedy the situation by fully reimbursing those affected by the compromise.

The old abandoned MM contract was attacked, and the attack has been located and stopped. The losses of the users involved will be fully borne.

OKX

It’s worth noting that at the time of writing the message, OKX only believed the exploit size to be approximately USD $391K (AUD $586K). That number has since ballooned to over two million, so whether the DEX remains true to its word will make for an interesting watch. OKX does have several insurance funds in place for mass liquidation events, so it is likely they were at least somewhat prepared for an event of this scale.

The hack is a sobering reminder that decentralised platforms aren’t necessarily safer than their centralised counterparts. While DEXs offer superior control over one’s own cryptocurrencies, most major hacks and exploits actually occur on the DeFi side of things – not on major centralised exchanges (CEXs).
