BNB 0.25%
BTC 0.41%
DOGE 0.23%
ETH 1.24%
PEPE 2.90%
XRP -0.45%
SHIB 0.10%
SOL 3.00%
TG Casino
powered by $TGC

Hackers Steal Funds From OKX Users In A SIM Swap Attack

Jimmy Aki
Last updated: | 2 min read
OKX SIM Swap Hack

Two users fell victim to an OKX SIM swap hack that involved the theft of an undisclosed sum on June 9. The customers’ funds were stolen following a deceitful SMS notification purportedly from the exchange.

The attack follows last week’s deepfake incident on OKX, where cybercriminals used AI videos to circumvent the exchange’s security architecture.

Users Targeted in New OKX SIM Swap Hack

The founder of blockchain security firm SlowMist, Yu Xian, revealed that the theft occurred through a sophisticated SMS attack.

The attackers sent a fake notification appearing to come from Hong Kong, tricking the victim into creating new API keys with withdrawal and trading permissions. Both incidents shared strikingly similar methods and might have been carried out by the same perpetrators.

Xian noted that the OKX SIM swap hack was initially suspected to involve cross-trading intentions, but that method has been ruled out.

Shortly after Xian’s post, OKX released a detailed update in an X post confirming the breach.

“We attach great importance to the “exchange user assets stolen” situation reported online today. We have contacted the relevant users and are currently investigating the relevant situation,” The post (translated from Chinese to English) read. “If it is finally determined that the platform is responsible, the platform will take the initiative to bear it. In addition, we will announce the results as soon as the relevant investigation is completed.”

At press time, the specifics of the OKX SIM swap hack and how the hackers infiltrated the exchange’s authentication systems are unclear.

Some people in the crypto community suspect the crypto theft to be a possible SIM swap breach, however.

A SIM swap attack is a type of identity theft where a hacker tricks a mobile carrier into moving a user’s phone number to a new SIM card controlled by the hacker.

Once the hacker has control of the victim’s phone, they can intercept sensitive information like two-factor authentication codes, which could give them unauthorized access to online accounts.

Crypto exchange customers have been targeted in SIM swap attacks in the past. For example, in October 2023, a hacker stole about $400,000 by targeting users through SIM-swapping scams. This attack prompted to add a 2FA password feature for users to bolster security for users whose cell carriers or email services have been compromised.

OKX Users Continue to Face Security Challenges

OKX is the third largest cryptocurrency exchange by trading volume, behind Binance and Coinbase. The Bitcoin platform is home to thousands of digital assets and is used by millions of customers. Despite its sheer scale, the company has struggled to keep malicious actors at bay.

Crypto News reported on June 3 that deepfake scammers stole $2 million from an OKX user. The incident happened after a major Telegram data breach exposed the customer’s personal information, which the malicious entity used to access their OKX account and steal the assets.