Security Breach Hits OKX DEX in Latest DeFi Exploit
In the most recent incident impacting the decentralized finance (DeFi) sector, the OKX decentralized exchange (DEX) has fallen victim to a security breach. While specific details are scarce, indications suggest that a private key associated with the OKX DEX was compromised.
Blockchain security firm SlowMist revealed on December 13 that there was a suspected leak of the OKX DEX proxy admin owner’s private key. Crypto insights firm Scopescan verified user reports of an exploit event on the OKX DEX contract and promptly informed the exchange.
According to SlowMist, the attack targeted an old, abandoned MM contract, and the breach was swiftly identified and halted. The exchange assured users affected by the incident that their losses would be fully covered. Further investigation by SlowMist revealed that during token exchanges, users inadvertently authorized the TokenApprove contract, allowing the DEX contract to transfer their tokens. The exploit took advantage of a trusted DEX Proxy, managed by the Proxy Admin, which had the ability to upgrade the DEX Proxy contract.
The Proxy Admin executed an upgrade to a new implementation contract on December 12, with its primary function being to directly call the claimTokens function of the DEX contract to transfer tokens. Subsequently, attackers began exploiting the DEX Proxy to abscond with tokens, resulting in an estimated profit of approximately $430,000 for the assailant.
SlowMist suggested that the leak of the Proxy Admin Owner’s private key may have played a role in this DeFi exploit. As a precautionary measure, they removed the DEX Proxy from the trusted list. The exploiter's address, as per Etherscan, currently holds tokens valued at $430,000.
In response to the incident, the exchange issued an update on its official Twitter feed, stating, "We are working with relevant agencies to locate the stolen funds and will reimburse affected users with $370k." This unfortunate event adds OKX DEX to the growing list of DeFi platforms experiencing security breaches this year.
Recent notable incidents include attacks on Florence Finance, KyberSwap, HTX, and Heco Bridge. Florence Finance suffered a $1.45 million loss in an address poisoning attack, while KyberSwap fell victim to a significant hack resulting in a $45 million loss in November. Additionally, Mixin Network, Linear Finance, and Balancer have also faced security breaches in recent months within the DeFi space.