OKX and SlowMist Investigate Multi-Million Dollar SIM Swap Exploit

By Hassan Shittu, Journalist

OKX and its security partner SlowMist are investigating a major security breach in which millions of dollars were stolen from two user accounts. The incident on June 9 involved a SIM swap attack, raising concerns about the vulnerabilities of SMS-based two-factor authentication (2FA) mechanisms. The investigation also sheds more light on the growing sophistication of phishing attacks and the ongoing security challenges in crypto and Web3.

Two OKX Users Compromised Via SIM Swap Attack

SlowMist founder Yu Xian reported on X (formerly Twitter) that the attack involved creating a new API key with withdrawal and trading permissions. Although the amount stolen is unclear, Xian noted that “millions of dollars of assets were stolen.”

“The SMS risk notification came from Hong Kong, and a new API Key was created (with withdrawal and trading permissions, which is why we suspected a cross-trading intention before, but it seems that it can be ruled out now),” Xian stated.

The security breach appears to have abused OKX’s 2FA fallback: once the attackers controlled the victims’ phone numbers, they were able to switch the accounts to the lower-security SMS verification method and whitelist withdrawal addresses via SMS codes. While the investigation is ongoing, SlowMist has indicated that OKX’s 2FA mechanism itself may not have been the primary vulnerability.

Instead, the exploiters bypassed the stronger 2FA factor by falling back to the lower-security SMS verification process. An analysis by Web3 security group Dilation Effect reaches the same conclusion: the attackers used this SMS fallback to carry out their malicious activities.
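The sequence described above (authentication stepped down to SMS, then an API key with withdrawal permission and a new whitelisted withdrawal address, all from an unfamiliar location) is exactly the kind of pattern an exchange’s account-security monitoring can flag. The following is an added illustration written for this article, not code from OKX or SlowMist; the audit-event format, the `SAMPLE_EVENTS` data and the one-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed audit-log events (not real OKX data) modelled on the sequence the
# article describes: a login from an unfamiliar location, 2FA stepped down to SMS,
# then an API key with withdrawal permission and a new withdrawal address.
SAMPLE_EVENTS = [
    {"ts": "2024-06-09T02:00:00", "user": "u1", "type": "login", "geo": "HK"},
    {"ts": "2024-06-09T02:03:00", "user": "u1", "type": "2fa_method_changed",
     "geo": "HK", "new_method": "sms"},
    {"ts": "2024-06-09T02:06:00", "user": "u1", "type": "api_key_created",
     "geo": "HK", "perms": ["trade", "withdraw"]},
    {"ts": "2024-06-09T02:08:00", "user": "u1", "type": "withdraw_address_whitelisted",
     "geo": "HK"},
    {"ts": "2024-06-09T03:00:00", "user": "u2", "type": "login", "geo": "SG"},
    {"ts": "2024-06-09T03:30:00", "user": "u2", "type": "api_key_created",
     "geo": "SG", "perms": ["read"]},
]
# Locations each user has previously verified from (constructed).
KNOWN_GEO = {"u1": {"SG"}, "u2": {"SG"}}

# Actions that should require the account's strongest factor, never SMS alone.
SENSITIVE = {"api_key_created", "withdraw_address_whitelisted"}
WINDOW = timedelta(hours=1)  # assumed correlation window


def detect_sim_swap_pattern(events, known_geo):
    """Flag sensitive actions that follow a 2FA downgrade to SMS within WINDOW."""
    alerts = []
    downgraded_at = {}  # user -> time of most recent step-down to SMS
    for e in sorted(events, key=lambda x: x["ts"]):
        ts, user = datetime.fromisoformat(e["ts"]), e["user"]
        if e["type"] == "2fa_method_changed" and e.get("new_method") == "sms":
            downgraded_at[user] = ts
            continue
        if e["type"] not in SENSITIVE or user not in downgraded_at:
            continue
        if ts - downgraded_at[user] > WINDOW:
            continue
        reasons = ["sensitive action shortly after 2FA step-down to SMS"]
        if e.get("geo") not in known_geo.get(user, set()):
            reasons.append(f"unfamiliar location {e.get('geo')}")
        if "withdraw" in e.get("perms", []):
            reasons.append("API key granted withdrawal permission")
        alerts.append({"user": user, "ts": e["ts"], "event": e["type"], "reasons": reasons})
    return alerts


def step_up_required(action, auth_method):
    """Mitigation: sensitive actions may not be authorised by SMS alone."""
    return action in SENSITIVE and auth_method == "sms"
```

Running `detect_sim_swap_pattern(SAMPLE_EVENTS, KNOWN_GEO)` yields two alerts for `u1` and none for `u2`, whose read-only key was created without any step-down; `step_up_required` is the corresponding preventive rule, forcing a stronger factor before the action is allowed at all.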

One of the crypto theft victims expressed gratitude for being compensated by the OKX team.

The Rising Alarm Over Phishing Attacks

This incident shows the growing sophistication of phishing attacks. For example, earlier in June, a Chinese trader lost $1 million in a sophisticated scam involving a compromised Google Chrome plugin named Aggr, which stole cookies to gain access to the trader’s Binance account. The hackers used these cookies to bypass password and 2FA protections, allowing them to make unauthorized trades and withdrawals. Despite the trader’s immediate contact with Binance customer service, the hackers managed to withdraw all funds before any security measures could be enacted.

Phishing attacks have increased, with major incidents such as the data breach suffered by CoinGecko’s third-party email management platform, GetResponse, leading to the distribution of 23,723 phishing emails. The breach occurred on June 5, caused by a compromised GetResponse employee email account. The attackers were able to export the contact information of over 1.9 million users. The compromised data includes names, email addresses, IP addresses, and email open locations, though CoinGecko stated user accounts and passwords are secure. In response to the breach, CoinGecko provided users with steps to protect themselves from scams, such as avoiding unfamiliar domains and not clicking unsolicited links.

It’s also worth noting that the rise of AI-enhanced scam tactics, including deepfake technology, further complicates crypto security. Scammers impersonate influential figures like Elon Musk to promote fraudulent investment schemes.

According to Merkle Science’s 2024 HackHub report, over 55% of hacked digital assets in 2023 were lost due to private key leaks, emphasizing the critical need for enhanced security protocols to protect digital assets from sophisticated phishing attacks.
