July 24, 2024
Latest Cryptocurrency News

OKX and SlowMist Investigate Multi-Million Dollar SIM Swap Exploit

OKX cryptocurrency exchange, in collaboration with security partner SlowMist, is investigating a significant exploit that resulted in the theft of two user accounts. The attack, identified as a SIM swap, occurred on June 9 and was revealed by SlowMist founder Yu Xian in a post on X. Although the exact amount stolen remains unclear, Xian confirmed that “millions of dollars of assets were stolen.”

SIM Swap Attack: Security Vulnerabilities Uncovered

The attack exploited OKX’s two-factor authentication (2FA) mechanism, allowing attackers to switch to a less secure SMS verification method. This enabled them to whitelist withdrawal addresses and siphon off funds. SlowMist’s ongoing investigation has not pinpointed 2FA as the primary vulnerability.

Moreover, Xian noted the absence of a 2FA authenticator like Google Authenticator on the compromised accounts. Thus, suggesting that 2FA may not be the central issue.

Growing Sophistication of Hacks

Recent incidents highlight the increasing sophistication of cyberattacks. In early June, a Chinese trader lost $1 million to a scam using a promotional Google Chrome plugin called Aggr, which stole user cookies to bypass passwords and 2FA authentication.

Additionally, phishing attacks surged in June following a data breach at CoinGecko’s third-party email management platform, GetResponse. This breach resulted in 23,723 phishing emails being sent to victims.

Rising Threat of Phishing and Key Leaks

Phishing attacks, designed to steal sensitive information like crypto wallet private keys, have become more prevalent. Moreover, address poisoning scams are also on the rise, tricking investors into sending funds to fraudulent addresses.

Furthermore, according to Merkle Science’s 2024 HackHub report, over 55% of hacked digital assets in 2023 were lost due to private key leaks. These incidents underscore the need for heightened security measures and user vigilance in the crypto space.

Crypto total losses by vulnerabilities. Source: Merkle Science

Image by freepik

Disclosure Statement: Miami Crypto does not take any external funding, or support to bring crypto news to the readers. We do not have any conflicts of interest while writing news stories on Miami Crypto.

Related posts

Security Breach at Nansen’s Third-Party Vendor Impacts User Data

Henry Clarke

Mark Zuckerberg Joins Fediverse Amid Decline of Elon Musk’s Social Media Empire

Kevin Wilson

USDC Overtakes USDT in Monthly Transactions.

Ashley Wilson

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Please enter CoinGecko Free Api Key to get this plugin works.