According to blockchain security company SlowMist, OKX DEX, a decentralized exchange aggregator platform, lost cryptocurrency valued at more than $400,000.
According to the vulnerability explanation, an attacker was able to transfer tokens that users had not allowed by compromising the management privileges of a market maker contract.
On the OKX DEX aggregation platform, an outdated proxy contract was the subject of a recent vulnerability that allowed a hacker to gain administrative access to the contract without authorization.
OKX DEX: Outdated contract raises concerns
When a protocol stops actively using a contract to perform user transactions, it is considered obsolete. It seems that OKX updated the contract but did not stop using it completely.
SlowMist Security Alert: OKX DEX Proxy Manager Owner's Private Key Suspected Leaked
According to information from SlowMist Zone, the OKX DEX contract seems to have encountered a problem. After SlowMist analysis, it was found that when users exchange, they authorize…
– Slow Mist (@SlowMist_Team) December 13, 2023
The ClaimTokens feature of the OKX DEX smart contract experienced an issue, according to blockchain security firm SlowMist. The TokenApprove contract, which required user authorization, invokes the ability to send cash to a trusted DEX proxy.
On December 12, the SlowMist team reported that the owner of the OKX DEX proxy manager updated the DEX proxy contract with a new implementation. The purpose of this new implementation was to invoke the ClaimTokens function directly from the DEX contract.
Total crypto market cap at $1.51 trillion on the daily chart: TradingView.com
The exchange said 18 of the addresses approved for the contract had been compromised and linked the event to the management rights of a canceled OKX DEX market maker contract that was compromised.
Furthermore, the exchange promised to refund all affected users. I would also conduct a thorough security review to prevent something similar from happening again.
We regret to inform you that an outdated smart contract on OKX Dex has been compromised. We have taken immediate steps to protect all user funds and revoke contract permissions. We are working with the relevant agencies to locate the stolen funds and will reimburse those affected… pic.twitter.com/zDIjhb3ETz
– OKX Web3 (Wallet | DeFi | nft) (@okxweb3) December 13, 2023
OKX Hack: Actual Damage Unknown
According to PeckShield, another researcher specializing in blockchain security, this vulnerability has cost more than $2.76 million.
In the last 30 days, OKX DEX is believed to have had over 50,000 active user wallets; However, it is unknown how many users were affected by the most recent attack.
Users should be careful when engaging with DeFi protocols, especially those backed by well-known companies in the industry, as highlighted by the OKX DEX breach.
Featured image from Shutterstock
Disclaimer: The article is provided for educational purposes only. It does not represent NewsBTC's views on whether to buy, sell or hold investments, and investing naturally carries risks. It is recommended that you conduct your own research before making any investment decisions. Use the information provided on this website at your own risk.
