In a stunning turn of events, OKX has confirmed that a hacker used fake “judicial documents” to steal personal information from a small number of users. This breach has caused a significant stir in the crypto community.
Over the weekend, two OKX users reported that their accounts were compromised and drained. The issue caught widespread attention when blockchain security firm SlowMist noted that both incidents involved the creation of a new API key after users received risk notification SMS texts from Hong Kong.
Web3 security group Dilation Effect added fuel to the fire, claiming that the attackers exploited a security loophole in OKX. This loophole allegedly allowed users to disable Google Authentication or mobile phone verification without triggering a 24-hour withdrawal halt for certain activities.
OKX, however, denied this in their post-mortem statement, asserting that the incident was unrelated to the use of Google Authenticator or SMS verification. The company assured users that they have been and will continue to be compensated for any losses incurred due to the breach.
According to Wu Blockchain, the two affected users have already received full compensation from OKX. Despite these reassurances, OKX declined to provide further details about the breach, including the exact number of affected users and the status of compensation for all victims.
This incident is currently under investigation by judicial authorities, and OKX has stated that they are unable to disclose more specific details at this time.
OKX’s swift response and commitment to compensating affected users have been appreciated, but this breach raises serious questions about security measures and user data protection in the crypto exchange sector.