Crypto exchange OKX has reportedly been targeted by hackers, with at least two users claiming their funds were drained following SMS risk notifications from Hong Kong. This sophisticated attack involved the creation of new API keys with withdrawal and trading permissions.
According to Yu Xian, founder of the cybersecurity firm SlowMist, an unidentified entity managed to create these API keys, enabling them to swap and drain coins from the affected accounts. OKX’s Chinese branch confirmed in a June 9 post on X that the exchange has contacted the affected users and is actively investigating the incidents.
The full extent of the attack remains unclear as of press time, and the method by which the hackers hijacked the trading accounts has not yet been determined.
SIM swapping, a form of phone hijacking, poses a significant threat to crypto investors. This technique involves transferring a victim’s phone number to a new SIM card, allowing attackers to intercept SMS messages. Such attacks have previously targeted major industry players. In 2021, Coinbase disclosed that hackers stole crypto from about 6,000 users by bypassing multi-factor authentication through a suspected phishing campaign that hijacked two-factor authentication SMS messages.
In similar incidents, hijackers have ported phone numbers to intercept one-time passwords, validate transactions, or change account credentials. In response to these threats, many major crypto companies have moved away from SMS-based two-factor authentication, though some still rely on it.
OKX’s ongoing investigation will hopefully shed more light on how the attackers executed this sophisticated breach and what measures can be taken to prevent future incidents.