OKX DEX hacked for $2.7 million after private key leak

The exchange has promised to reimburse affected users.

OKX DEX hacked for $2.7 million after private key leak

Share this article

A recently confirmed exploit hit the OKX decentralized exchange (DEX) yesterday, according to an initial investigation by blockchain security firm SlowMist. The exploit is suspected to have originated from a private key leak leveraged against a deprecated smart contract.

OKX has confirmed the exploit and has promised to reimburse affected users. At the time of writing, the total damage of this exploit stands at an estimated $2.7 million, a number that may still go up pending discovery from further investigations.

“We regret to inform you that a deprecated smart contract on OKX DEX has been compromised. We have taken immediate action to secure all user funds and revoke the contract permissions,” OKX said.

The platform also stated they are now working with ‘relevant agencies’ to help locate and retrieve the stolen funds.

Initial analysis of the exploit by SlowMist details that token exchanges made through OKX’s DEX platform are processed using the TokenApprove contract, which can then transfer tokens through the contract’s call functionalities.

One critical element of this process is the DEX Proxy, a delegated authorization mechanism responsible for managing token transfers between users’ wallets and the TokenApprove contract.

The DEX Proxy acts as an intermediary layer, allowing users to trade tokens on the OKX platform without having to constantly approve individual token transactions. This process is overseen by a proxy administrator who may upgrade the contract and invoke claimToken functions (based on the TokenApprove layer) for transfers.

Further investigation by SlowMist revealed that an update to the DEX Proxy contract was implemented on December 12 at 22:23 UTC, effectively modifying the contract’s functionality.

Unfortunately, due to the alleged private key leak in the old version of the smart contract, the yet unidentified threat actor was able to bypass this.

Post the attack, blockchain analytics firm Arkham has released an Intel Exchange Bounty for anyone who can help identify the person or organization behind the exploit. Arkham claims that the same hacker or group was responsible for recent exploits on LunaFi, Uno Re, RVLT, and more, although details on the suspect’s degree of involvement in these are scarce at the moment. The bounty by Arkham is open for 5,000 ARKM (about $2,250).

Share this article

Loading...