In a recent security event, OKX DEX experienced a breach in its decentralized exchange (DEX) contracts, leading to the compromise of user funds amounting to more than $424,000. The affected contracts have been disabled by the exchange, and efforts are underway to reimburse users affected by the incident.
Notably, Chinese journalist Colin Wu disclosed that multiple wallet addresses linked to OKX DEX were emptied during the exploit, and the misappropriated funds have been traced to an address holding an amount surpassing $424,000.
OKX Security Alert: Hacker Concentrates on 18 Addresses in Attack
According to this exchange’s incident report, the hacking incident specifically targeted a market maker contract responsible for facilitating decentralized exchange (DEX) trading. This allowed the attacker to pilfer funds from 18 addresses that had granted approval for the contract to engage in token trading. Despite the breach, this exchange reassured its users that the majority of assets remain secure.
The blockchain security firm SlowMist, which investigated the incident, attributed the breach to a leaked private key for OKX’s proxy admin account. This compromised admin account provided the attacker with the ability to upgrade the DEX’s proxy contract to a malicious version, resulting in the direct depletion of user funds. The proxy admin continued these upgrades even after the initial theft, persistently draining additional tokens.
This exchange responded promptly by removing the corrupted proxy contract from the trusted permission list of the DEX. The exchange also committed to compensating all affected users, initiating a security audit, and restructuring abandoned contracts to mitigate potential vulnerabilities in the future.