OKX and SlowMist Probing Multi-Million Dollar SIM Swap Scam
OKX and cybersecurity partner SlowMist are currently investigating a significant breach that resulted in the theft of millions of dollars from two user accounts.
The incident occurred on June 9 and involved a SIM swap attack, renewing concerns about the weakness of SMS-based two-factor authentication (2FA): whoever controls the phone number receives the codes.
The investigation also brings to light the increasing sophistication of phishing attacks and the persistent security challenges faced by the crypto and Web3 communities.
Two OKX Users Fall Victim to SIM Swap Attack
According to SlowMist founder Yu Xian, once inside the accounts the attackers created a new API key with withdrawal and trading permissions and used it to move the funds. While the exact amount stolen remains unknown, Xian disclosed that “millions of dollars of assets were taken.”
Xian further explained that the risk-notification SMS the victims received originated from Hong Kong. The creation of a trading-enabled API key initially raised suspicions that the attackers intended to extract value through cross-trading against their own accounts, but that theory has now been ruled out.
The attackers do not appear to have broken OKX’s 2FA mechanism itself. Having taken over the victims’ phone numbers through the SIM swap, they switched the accounts to the less secure SMS verification method and then used SMS confirmations to whitelist their own withdrawal addresses. Although the investigation is ongoing, SlowMist has suggested that OKX’s 2FA mechanism was not the main vulnerability.
An analysis by Web3 security group Dilation Effect reaches the same conclusion: the attackers bypassed 2FA by exploiting the weaker SMS verification path rather than by defeating the authenticator, and every step that followed was carried out with that downgraded factor.
One of the victims has publicly thanked the OKX team for compensating the loss.
The Growing Concern Over Phishing Attacks
This incident underscores the increasing complexity of phishing attacks. For instance, in an earlier case in June, a Chinese trader lost $1 million in a sophisticated scam involving a compromised Google Chrome extension called Aggr, which stole the trader’s session cookies to gain access to their Binance account.
Because the cookies represented an already authenticated session, the attackers could act as the trader without entering a password or a 2FA code, and used that access to conduct unauthorized trades and withdrawals.
Despite the trader’s prompt contact with Binance customer service, the hackers successfully withdrew all funds before any security measures could be implemented.
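The two incidents above share a control failure: a high-value action (whitelisting a withdrawal address, creating a withdraw-capable API key, withdrawing) was authorised by whatever credential the attacker happened to hold, an SMS code in the OKX case and a replayed session cookie in the Binance case. The following is an added example, not code from OKX, Binance or SlowMist, of a server-side step-up gate that refuses such actions unless a strong factor was proven for that request or very recently in a session bound to the client that logged in, and that freezes them for a cooldown after any 2FA change. The factor ranking, the thresholds, the client fingerprints and all event data are constructed assumptions, not exchange settings.

```python
"""Step-up gate for sensitive exchange-account actions.

Added example for this article; it is not OKX's, Binance's or SlowMist's code.
It replays the two attack paths described in the text with constructed events:
(1) SIM swap: SMS is the only factor the attacker can prove, then withdrawal
    addresses are whitelisted and a withdraw-capable API key is created;
(2) stolen session cookie: an authenticated session is replayed from the
    attacker's machine to trade and withdraw without password or 2FA.
Factor ranking, thresholds and fingerprints are assumptions, not exchange settings.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Assumed factor ranking. SMS is rated weak because a SIM swap captures the
# phone number, not the user; anything below STRONG cannot authorise money movement.
STRENGTH = {"session": 0, "password": 0, "sms": 1, "totp": 2, "hardware_key": 3}
STRONG = STRENGTH["totp"]

# Actions that move funds or weaken controls; none may be authorised by SMS alone.
SENSITIVE = {"change_2fa_method", "whitelist_withdrawal_address",
             "create_api_key_withdraw", "withdraw"}

MAX_STEP_UP_AGE = 15 * 60          # seconds a strong proof stays "fresh" in a session
TWOFA_CHANGE_COOLDOWN = 24 * 3600  # seconds sensitive actions stay frozen after a 2FA change


@dataclass
class Session:
    user: str
    bound_client: str                   # fingerprint captured at login (assumed: UA+IP hash)
    last_strong_auth_at: Optional[int]  # None: no strong factor proven in this session yet
    twofa_changed_at: Optional[int] = None


def record_2fa_change(session: Session, now: int) -> None:
    """Any 2FA re-enrolment, legitimate or via a recovery flow, starts the cooldown."""
    session.twofa_changed_at = now


def authorize(session: Session, action: str, factor: str,
              client_id: str, now: int) -> Tuple[bool, str]:
    """Decide one request. `factor` is what the client proved for THIS request:
    'session' means cookie only; otherwise the OTP/assertion type just verified."""
    if client_id != session.bound_client:
        # A cookie replayed from another machine is not this session any more.
        return False, "session presented from an unbound client; full re-login required"
    if action not in SENSITIVE:
        return True, "non-sensitive action"
    if factor == "session":
        fresh = (session.last_strong_auth_at is not None
                 and now - session.last_strong_auth_at <= MAX_STEP_UP_AGE)
        if not fresh:
            return False, "step-up required: no fresh strong factor in this session"
    elif STRENGTH.get(factor, -1) < STRONG:
        return False, f"{factor} is not a strong enough factor for {action}"
    else:
        session.last_strong_auth_at = now  # a fresh strong proof renews the window
    if (session.twofa_changed_at is not None
            and now - session.twofa_changed_at < TWOFA_CHANGE_COOLDOWN):
        return False, "sensitive actions frozen after a recent 2FA change"
    return True, "allowed"


def run_scenarios() -> Dict[str, bool]:
    """Constructed replays of both attack paths; returns scenario -> allowed."""
    t0 = 1_700_000_000
    out: Dict[str, bool] = {}

    # (1) SIM swap: the attacker receives every SMS code sent to the victim's number.
    s = Session("victim-a", bound_client="victim-phone", last_strong_auth_at=None)
    out["sim:whitelist_by_sms"] = authorize(s, "whitelist_withdrawal_address", "sms", "victim-phone", t0)[0]
    out["sim:api_key_by_sms"] = authorize(s, "create_api_key_withdraw", "sms", "victim-phone", t0 + 60)[0]
    # Even if a recovery flow let the attacker enrol their own authenticator,
    # the cooldown keeps funds frozen long enough for the real owner to notice.
    record_2fa_change(s, t0 + 120)
    out["sim:api_key_after_reenrol"] = authorize(s, "create_api_key_withdraw", "totp", "victim-phone", t0 + 300)[0]
    out["sim:api_key_after_cooldown"] = authorize(
        s, "create_api_key_withdraw", "totp", "victim-phone", t0 + 120 + TWOFA_CHANGE_COOLDOWN)[0]

    # (2) Stolen cookie: victim logged in with TOTP an hour ago; an extension exfiltrated the cookie.
    v = Session("victim-b", bound_client="victim-browser", last_strong_auth_at=t0 - 3600)
    out["cookie:order_from_attacker_host"] = authorize(v, "place_order", "session", "attacker-host", t0)[0]
    out["cookie:withdraw_spoofed_client"] = authorize(v, "withdraw", "session", "victim-browser", t0)[0]
    out["cookie:order_spoofed_client"] = authorize(v, "place_order", "session", "victim-browser", t0)[0]
    return out


if __name__ == "__main__":
    for name, allowed in run_scenarios().items():
        print(f"{name:35s} {'ALLOWED' if allowed else 'denied'}")
```

The last scenario is the honest caveat: if the attacker also spoofs the client fingerprint, a stolen cookie still permits ordinary trading, because only money-moving actions demand a fresh strong factor. That is why exchanges pair a gate like this with a withdrawal-address allowlist delay and alerts on new API keys, and why the user-side fix for the Aggr case is not to install untrusted extensions on a browser that holds exchange sessions.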
Phishing attacks are on the rise. In one notable incident, GetResponse, the third-party email platform used by CoinGecko, was breached and abused to send 23,723 phishing emails to CoinGecko’s contacts.
The breach occurred on June 5 and stemmed from a compromised GetResponse employee email account. The attackers were able to extract the contact details of more than 1.9 million users.
The compromised data includes names, email addresses, IP addresses, and the locations from which emails were opened. CoinGecko said that user accounts and passwords were not affected.
In response to the breach, CoinGecko offered users guidance on safeguarding themselves from scams, such as avoiding unfamiliar domains and refraining from clicking on unsolicited links.
Furthermore, the emergence of AI-enhanced scam tactics, including deepfake video, adds another layer of complexity to crypto security. Scammers impersonate influential figures such as Elon Musk to promote fraudulent investment schemes.
According to Merkle Science’s 2024 HackHub report, over 55% of hacked digital assets in 2023 were lost through private key leaks, underscoring the importance of robust key custody and account security measures to shield digital assets from sophisticated phishing attacks.