OKX SIM-swap leads to discovery of 2FA security flaw
A flaw in the two-factor authentication (2FA) security system used by crypto and derivatives exchange OKX has apparently been discovered after two users reported that their accounts had been hacked and their funds drained in a suspected SIM-swapping attack.
The founder of blockchain security firm SlowMist, Yu Xian, reported that the users received SMS risk notifications from Hong Kong before a new API key was created as part of their account authentication process.
Following up on these reports, security analysts Dilation Effect (DE) claims to have found a flaw in OKX’s authentication system. It said that users are able to switch from 2FA to ‘lower security verification methods,’ like SMS verification, during OKX’s sensitive user operations.
Such sensitive actions include withdrawals, whitelisting addresses, changing the login password, and disabling 2FA verification. DE says these actions don’t trigger a 24-hour withdrawal ban and that a ban is only triggered when logging into a new device.
Additionally, if an address is whitelisted, DE claims large amounts of crypto can be withdrawn without the need for additional verification. “This quick analysis reveals that OKX’s security settings lack baseline design. Possibly to enhance user experience, OKX has made significant compromises in security,” DE said.
Read more: Beware of airdrops: Tether CEO warns of mailing list breach
However, Yu claimed to be unsure if Google’s authenticator is the ‘key point’ in this attack, adding, “There’s no need to panic. If the impact is large, the performance of related events should be more exaggerated. Let’s wait for more disclosures.”
SlowMist claims that they are tracking the wallets of the hacker behind the breach of the two accounts and have asked anyone suffering a similar exploit to contact them.
Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.