Hackers Steal Funds From OKX Users In A SIM Swap Attack
Two users fell victim to an OKX SIM swap hack that involved the theft of an undisclosed sum on June 9. The customers’ funds were stolen following a deceitful SMS notification purportedly from the exchange.
The attack follows last week’s deepfake incident on OKX, where cybercriminals used AI videos to circumvent the exchange’s security architecture.
Users Targeted in New OKX SIM Swap Hack
The founder of blockchain security firm SlowMist, Yu Xian, revealed that the theft occurred through a sophisticated SMS attack.
The attackers sent a fake notification appearing to come from Hong Kong, tricking the victim into creating new API keys with withdrawal and trading permissions. Both incidents shared strikingly similar methods and might have been carried out by the same perpetrators.
Xian noted that the OKX SIM swap hack was initially suspected to involve cross-trading intentions, but that method has been ruled out.
两个不同的受害者,今天凌晨遭遇的交易所账号被盗币事件的手法及一些特征居然是相似的,除了 @AsAnEgg 提到的共性,还包括短信风险通知来自“香港”这个特征、创建了新的 API Key(有提现、交易权限,这也是为什么之前怀疑有对敲意图,目前看来可以排除了)。… https://t.co/pqIjqLhmkB
— Cos(余弦)😶🌫️ (@evilcos) June 9, 2024
Shortly after Xian’s post, OKX released a detailed update in an X post confirming the breach.
“We attach great importance to the “exchange user assets stolen” situation reported online today. We have contacted the relevant users and are currently investigating the relevant situation,” The post (translated from Chinese to English) read. “If it is finally determined that the platform is responsible, the platform will take the initiative to bear it. In addition, we will announce the results as soon as the relevant investigation is completed.”
At press time, the specifics of the OKX SIM swap hack and how the hackers infiltrated the exchange’s authentication systems are unclear.
Some people in the crypto community suspect the crypto theft to be a possible SIM swap breach, however.
A SIM swap attack is a type of identity theft where a hacker tricks a mobile carrier into moving a user’s phone number to a new SIM card controlled by the hacker.
Once the hacker has control of the victim’s phone, they can intercept sensitive information like two-factor authentication codes, which could give them unauthorized access to online accounts.
Crypto exchange customers have been targeted in SIM swap attacks in the past. For example, in October 2023, a hacker stole about $400,000 by targeting Friend.tech users through SIM-swapping scams. This attack prompted Friend.tech to add a 2FA password feature for users to bolster security for users whose cell carriers or email services have been compromised.
OKX Users Continue to Face Security Challenges
OKX is the third largest cryptocurrency exchange by trading volume, behind Binance and Coinbase. The Bitcoin platform is home to thousands of digital assets and is used by millions of customers. Despite its sheer scale, the company has struggled to keep malicious actors at bay.
前不久,我的一位朋友在使用OKX钱包时遭遇页面劫持被盗5万USDT(波场TRC20)。
据我这位朋友找的安全从业人士分析,黑客是通过页面劫持将他用的OKX钱包的“补充GAS”替换成“更新波场账户所有者权限”,在用户界面无感知的情况下骗取授权,进而控制受害者的波场账户实现盗币。… pic.twitter.com/kXauBBBd0T
— NingNing (🌿,👻) (@0xNing0x) June 4, 2024
Crypto News reported on June 3 that deepfake scammers stole $2 million from an OKX user. The incident happened after a major Telegram data breach exposed the customer’s personal information, which the malicious entity used to access their OKX account and steal the assets.
