The decentralized exchange (DEX) OKX has suffered a security breach as a result of a compromised private key, according to cybersecurity firms.
In a post on social media platform X, blockchain security company PeckShield says the exploit enabled the hackers to get away with $2.76 million worth of Ethereum (ETH), Tether (USDT) and USDC.
“PeckShieldAlert OKX DEX suffered a Private Key Leakage attack, resulting in ~$2.76 million worth of cryptos being stolen. Please *Revoke* your allowance if any, to https://etherscan.io/address/0x40aa958dd87fc8305b97f2ba922cddca374bcd7f”
Another blockchain security firm, SlowMist, says the private key of a proxy admin owner may have been leaked, which allowed the attackers to steal from the platform after the DEX proxy contract was upgraded on December 12th.
“The new implementation contract’s functionality is to directly call the claimTokens function of the DEX contract to transfer tokens. Subsequently, attackers began calling the DEX Proxy to steal tokens. The Proxy Admin Owner upgraded the contract again at 23:53:59 on December 12, 2023, with similar functionality, and continued stealing tokens after the upgrade.”
OKX says the incident involves a deprecated smart contract. The DEX says it is now conducting a review of the attack.
“We have taken immediate action to secure all user funds and revoke the contract permissions. We are working with relevant agencies to locate the stolen funds and will reimburse affected users with $370,000. A thorough review is underway to prevent similar incidents. Our apologies for any inconvenience caused.”