OKX, in collaboration with its security partner SlowMist, is rigorously investigating a major security breach that resulted in the theft of millions of dollars from two user accounts. The incident, which occurred on June 9, involved a sophisticated SIM swap attack, raising significant concerns about the vulnerabilities associated with SMS-based two-factor authentication (2FA) mechanisms.
Understanding the SIM Swap Attack
The Methodology and Impact
SIM swap attacks, also known as SIM hijacking, have become increasingly prevalent in the digital world, particularly targeting cryptocurrency exchanges and their users. In this incident, attackers managed to exploit OKX’s 2FA system by manipulating the SMS verification process, enabling them to create a new API key with withdrawal and trading permissions. This breach underscores the critical need for more secure authentication methods in the cryptocurrency sector.
Details from SlowMist’s Investigation
Yu Xian, the founder of SlowMist, shared insights into the breach, revealing that millions of dollars in assets were stolen. The attackers successfully bypassed the 2FA mechanism by leveraging the lower-security SMS verification, allowing them to whitelist withdrawal addresses. SlowMist’s analysis, supported by the Web3 security group Dilation Effect, suggests that the attackers utilized this vulnerability to execute their malicious activities.
Source