OKX has experienced significant outflows, with $204 million withdrawn in the past 24 hours and $630 million in the past week, surpassing the outflows of other prominent cryptocurrency exchanges.
The surge in withdrawals comes from multiple security controversies that may have undermined user confidence.
OKX’s Design Flaw
On June 9, two OKX users lost a significant amount of funds in a suspected SIM-swapping attack due to a vulnerability in the exchange’s two-factor authentication (2FA) security system, which resulted in their accounts being compromised.
Blockchain security firm SlowMist founder Yu Xian claimed that the users were sent SMS risk notifications from Hong Kong just before a new API key was established for their account verification.
This was further validated by security analysts at Dilation Effect, who identified a vulnerability in OKX’s authentication system. They found that despite users binding their accounts to Google Authenticator (GA) for higher security, OKX allows customers to switch to lower security verification methods during sensitive operations, bypassing GA verification.
When sensitive operations occur, such as disabling the phone of GA verification or changing the login password, the 24-hour withdrawal ban risk control measures are not triggered. For password changes, this measure is only triggered when logging in from a new device.
DE also said that withdrawals to whitelisted addresses do not undergo dynamic verification based on withdrawal amounts. Once an address is whitelisted, it allows unlimited withdrawals within the limit without additional verification, unlike other exchanges, which impose limits and require re-verification if exceeded.
The platform said that OKX’s security settings lack a baseline design and have made several compromises likely to enhance user experience.
OKX Initiates Investigation
Prior to this, malicious entities used artificial intelligence (AI) to craft fake videos, further compromising the exchange’s security.
In response to these incidents, OKX said that it has initiated an investigation and reached out to affected users. The exchange also urged its clients to enable two-factor authentication to enhance security. Despite these efforts, the recurring security issue has resulted in a wave of withdrawals as users seek safer alternatives.
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).
LIMITED OFFER 2024 at BYDFi Exchange: Up to $2,888 welcome reward, use this link to register and open a 100 USDT-M position for free!