Breach Alert: OKX DEX Loses $424,000 in Devastating Exploit

• Recent Security Breach at OKX DEX Results in Significant Loss
• Details of the Security Breach
• 18 Addresses Targeted in the Hack
• Role of OKX's Proxy Admin Account
• Steps Taken Post-Incident

Recent Security Breach at OKX DEX Results in Significant Loss

A recent security breach at OKX DEX has led to an exploit on its decentralized exchange (DEX) contracts, resulting in the loss of over $424,000 in user funds. Following the incident, the affected contracts were deactivated, and plans have been set in motion to compensate the impacted users.

Details of the Security Breach

OKX DEX fell victim to an exploit, with several wallets authorized to the platform being breached, leading to a loss of more than $424,000. The deployer of the OKX DEX: Aggregation Router was implicated in the attack, and the proxy for the attack has since been removed. There are suspicions surrounding the private account of 0xFacf3.

Reports from Chinese journalist Colin Wu indicate that numerous wallet addresses authorized on OKX DEX were emptied during the exploit. The stolen funds were traced to an address holding an amount exceeding $424,000.

18 Addresses Targeted in the Hack

According to the incident report from OKX, the hack was aimed at a market maker contract facilitating DEX trading. This allowed the attacker to rob from 18 addresses that had approved the contract for token trading. Despite this massive breach, OKX has assured users that the majority of assets remain secure.

Role of OKX's Proxy Admin Account

Blockchain security firm SlowMist, covering the incident, attributed the breach to a leaked private key for OKX's proxy admin account. This compromised admin account allowed the attacker to upgrade the DEX's proxy contract to a malicious version, directly draining user funds. Even after the initial theft, the proxy admin continued to upgrade the contract to continue stealing additional tokens.

Steps Taken Post-Incident

In response to the breach, OKX promptly removed the corrupted proxy contract from DEX's trusted permission list. The exchange has also committed to compensating all affected users and is in the process of conducting a security audit. Moreover, it is reorganizing abandoned contracts to prevent such vulnerabilities in the future.

Edited by Jonathan Stoker