- A private key compromise allowed the attacker to transfer unauthorized tokens.
- OKX admitted to the exploit and said it would compensate victims.
Crypto funds worth more than $400,000 were stolen from OKX DEX, a decentralized exchange aggregator platform, according to blockchain security firm SlowMist.
Decoding the modus operandi
The exploit was ascribed to a compromise of the management rights of a market maker contract, allowing the attacker to transfer tokens not authorized by the users.
OKX DEX, an offering by popular centralized exchange OKX [OKB], combines the different trading prices through all integrated third-party DEXes and recommends the best trading price to users.
When users want to send tokens, they must approve a TokenApprove contract, which allows the funds to be claimed by the receiver. After this, the claimTokens function of the contract is triggered, which completes the transfer.
However, in the late hours of the 12th of December, a manager of the contract mischievously altered the functionality. This was most likely caused by the leak of the account’s private keys.
According to SlowMist, the new implementation surpassed the authorizing part, enabling the attacker to directly execute the claimTokens function. As a result, the attacker was able to empty users’ wallets of thousands of dollars.
SlowMist flagged the address of the suspected attacker along with the address where the hack proceeds were going to.
OKX will compensate users
Responding to the claims, OKX admitted to the exploit and linked it with an abandoned DEX contract which was no longer in use. However, it said that the affected contracts have been deactivated.
The DEX estimated the hacked amount to be around $370,000 and assured affected users of compensation. As for the rest of the user assets, the exchange said that they were safe.
OKX stated that it would undertake a security check on abandoned smart contracts to avoid such problems in the future.
The development reiterated security risks associated with decentralized finance (DeFi) transactions and the need for increased monitoring.
The exploit didn’t seem to materially harm OKX’s native asset, OKB. The exchange token recorded 24-hour gains of 2.9%, AMBCrypto spotted using CoinMarketCap’s data.