Brother
Decentralized exchange (DEX) OKX suffered a $430,000 exploit due to a suspected leak of the proxy administrator's private key.
SlowMist Security Alert: OKX DEX Proxy Admin Owner's Private Key Suspected to be Leaked
According to information from SlowMist Zone, the OKX DEX contract appears to have encountered an issue. After SlowMist's analysis, it was found that when users exchange, they authorize…
— SlowMist (@SlowMist_Team) December 13, 2023
Update:
According to PeckShield analysts, the amount of damage increased to approximately $2.76 million.
#PeckShieldAlert #OKX #DEX suffered a Private Key Leakage attack, resulting in ~$2.76M worth of cryptos being stolen.
Please *Revoke* your allowance if any, to https://t.co/uwzzJzNUHH pic.twitter.com/yOqAVR2HMR
— PeckShieldAlert (@PeckShieldAlert) December 13, 2023
According to SlowMist's analysis, when exchanging on the platform, users authorize the TokenApprove contract, which then transfers the user's tokens.
The ClaimTokens feature allows a trusted DEX proxy to make a call to it. In this case, the servers are managed by administrators who can independently make changes to the smart contract.
On December 12, the owner of one of the servers updated it, which allowed ClaimTokens to be called directly to transfer user tokens. The attacker took advantage of this exploit.
According to DeBank, the hacker's address holds $430,000 worth of tokens.
Scopescan experts contacted OKX representatives, who emphasized that an “outdated abandoned market maker contract” was attacked. According to them, the exploit was discovered and stopped.
Users reported an exploit event on the #OKX DEX contract.
We have contacted them and got the following response:
"The old abandoned MM contract was attacked, and the attack has been located and stopped.
The losses of the users involved will be fully borne."
Exploiters… https://t.co/psuz4WcjGl pic.twitter.com/GrKUdrnGVk
— Scopescan (@0xScopescan) December 13, 2023
Later, a statement was issued on the platform's official X page. The exchange announced that permissions had been revoked from the attacked server.
We regret to inform you that a deprecated smart contract on OKX Dex has been compromised. We have taken immediate action to secure all user funds and revoke the contract permissions. We are working with relevant agencies to locate the stolen funds and will reimburse affected… pic.twitter.com/zDIjhb3ETz
— OKX Web3 (Wallet | DeFi | NFT) (@okxweb3) December 13, 2023
“We are working with the relevant authorities to locate the stolen funds. We will compensate the victims for their losses. A thorough check is currently being carried out to prevent such incidents. We apologize for the inconvenience caused,” the message says.
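The PeckShield alert above tells users to revoke any allowance they still hold toward the affected contract. The point of the incident is that an approval granted for a swap outlives the swap: whoever can call the spender contract (here, after a proxy upgrade by a compromised admin key) can draw on every outstanding allowance. The following is an added example, not code from the post, OKX, SlowMist or PeckShield. It builds the raw ERC-20 calldata a wallet or audit tool sends to check an allowance and to set it to zero, and turns a batch of `eth_call` results into a revoke list; the addresses are constructed placeholders, and the selectors are the standard ERC-20 ones (hard-coded because the Python standard library offers NIST SHA-3, not keccak-256).

```python
"""Audit and revoke ERC-20 allowances toward a given spender.

Added example, not the project's code. Addresses are constructed placeholders;
the incident's contract addresses are deliberately not reproduced here.
"""

# First 4 bytes of keccak256(signature), per the ERC-20 ABI.
SELECTOR_ALLOWANCE = bytes.fromhex("dd62ed3e")  # allowance(address,address)
SELECTOR_APPROVE = bytes.fromhex("095ea7b3")    # approve(address,uint256)

MAX_UINT256 = 2**256 - 1  # the "unlimited" approval many dapps request


def _strip0x(hexstr: str) -> str:
    return hexstr[2:] if hexstr.lower().startswith("0x") else hexstr


def _addr_word(addr: str) -> bytes:
    """Left-pad a 20-byte address to the 32-byte ABI word."""
    raw = bytes.fromhex(_strip0x(addr))
    if len(raw) != 20:
        raise ValueError("address must be 20 bytes")
    return raw.rjust(32, b"\x00")


def _uint_word(value: int) -> bytes:
    if not 0 <= value <= MAX_UINT256:
        raise ValueError("value out of uint256 range")
    return value.to_bytes(32, "big")


def allowance_calldata(owner: str, spender: str) -> str:
    """Calldata for eth_call against a token: allowance(owner, spender)."""
    return "0x" + (SELECTOR_ALLOWANCE + _addr_word(owner) + _addr_word(spender)).hex()


def revoke_calldata(spender: str) -> str:
    """Calldata for the transaction that revokes: approve(spender, 0)."""
    return "0x" + (SELECTOR_APPROVE + _addr_word(spender) + _uint_word(0)).hex()


def decode_uint256(result_hex: str) -> int:
    """Decode the single uint256 word an allowance() eth_call returns."""
    raw = bytes.fromhex(_strip0x(result_hex))
    if len(raw) != 32:
        raise ValueError("expected one 32-byte ABI word")
    return int.from_bytes(raw, "big")


def exposure_report(call_results: dict, spender: str) -> list:
    """Given {token_address: raw eth_call result of allowance(owner, spender)},
    list every token that still exposes funds to `spender`, with the calldata
    needed to revoke it. Zero allowances carry no exposure and are skipped."""
    report = []
    for token, result in call_results.items():
        amount = decode_uint256(result)
        if amount == 0:
            continue
        report.append({
            "token": token,
            "allowance": amount,
            "unlimited": amount == MAX_UINT256,
            "revoke_calldata": revoke_calldata(spender),
        })
    return report


if __name__ == "__main__":
    # Constructed sample: two tokens, one with an unlimited approval.
    owner = "0x" + "11" * 20
    suspect_spender = "0x" + "22" * 20
    results = {
        "0x" + "33" * 20: "0x" + "ff" * 32,  # unlimited allowance still live
        "0x" + "44" * 20: "0x" + "00" * 32,  # already revoked
    }
    print("query:", allowance_calldata(owner, suspect_spender))
    for entry in exposure_report(results, suspect_spender):
        print(entry["token"], "unlimited" if entry["unlimited"] else entry["allowance"],
              "-> send", entry["revoke_calldata"], "to the token contract")
```

The `allowance` query goes to each token contract, not to the spender, so an audit has to iterate over every token the wallet ever approved; the revoke transaction likewise targets the token contract, with the suspect spender as the argument. A zero result means no exposure regardless of what the spender contract now does.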