OKX DEX suffers apparent $2.7 million exploit following suspected private key leak


OKX DEX suffers apparent $2.7 million exploit following suspected private key leak

A decentralized exchange (DEX) aggregator from OKX appears to have suffered a $2.7 million exploit, according to security analysts.

The attack may have resulted from the DEX’s admin private key leak, security firm SlowMist posted on X. Shortly after, OKX confirmed a deprecated smart contract on OKX’s DEX had been compromised, promising to reimburse affected users.

“We regret to inform you that a deprecated smart contract on OKX DEX has been compromised. We have taken immediate action to secure all user funds and revoke the contract permissions. We are working with relevant agencies to locate the stolen funds and will reimburse affected users,” the platform stated on X.

Security analysts at PeckShield later confirmed the exploit, stating that it resulted in approximately $2.7 million worth of crypto assets stolen.

Blockchain data analytics provider Arkham also confirmed OKX DEX was exploited by a hacker who likely upgraded a deprecated contract with token approvals, resulting in losses of over $2.7 million. It also suggested that the attacker was tied to other exploits, including LunaFi, Uno Re and RVLT. Arkham also offered a bounty of 5,000 ARKM ($2,250) for information to help identify the hacker or lead to the return of funds.

What happened?

SlowMist said users authorize token exchanges on the DEX via the TokenApprove contract. The DEX contract can then transfer these tokens by invoking TokenApprove’s functionality. A key component in this process is the DEX Proxy, managed by the Proxy Admin. The Proxy Admin Owner has the authority to upgrade the DEX Proxy contract, enabling it to call the claimTokens function of the TokenApprove contract for token transfers.

“This attack may be a result of the Proxy Admin Owner’s private key being leaked,” SlowMist added, with the current owner implementing a significant upgrade to the DEX Proxy contract on Dec. 12 at 22:23 UTC. This upgrade altered the contract’s functionality, allowing it to directly call the claimTokens function of the DEX contract for token transfers — opening up a vulnerability that attackers exploited to steal tokens.

OKX DEX did not respond to a request for comment from The Block.


Leave A Reply

Your email address will not be published.