OKX's decentralized exchange (DEX) aggregator appears to have suffered a $2.7 million exploit, according to security analysts.
The attack may be the result of a leak of the DEX administrator’s private key, security firm SlowMist posted on X. Shortly afterwards, OKX confirmed that an outdated smart contract on OKX’s DEX had been compromised, promising to refund affected users.
“We regret to inform you that an outdated smart contract on OKX DEX has been compromised. We took immediate action to secure all user funds and revoke contract permissions. We are working with relevant agencies to locate the stolen funds and will reimburse affected users,” the platform said on X.
Security analysts at PeckShield later confirmed the exploit, stating that it resulted in the theft of approximately $2.7 million in crypto assets.
Blockchain data analytics provider Arkham also confirmed that OKX DEX was exploited by a hacker who likely upgraded an outdated contract with token approvals, resulting in losses of over $2.7 million. It also suggested that the attacker was linked to other exploits, including LunaFi, Uno Re and RVLT. Arkham also offered a bounty of 5,000 ARKM ($2,250) for information that could help identify the hacker or provide refunds.
What happened?
SlowMist said users authorize token exchanges on the DEX through the TokenApprove contract. The DEX contract can then transfer these tokens by calling into the TokenApprove contract. An important part of this process is the DEX Proxy, managed by the Proxy Admin. The Proxy Admin owner has the authority to upgrade the DEX Proxy contract, which allows them to call the claimTokens function of the TokenApprove contract for token transfers.
“This attack could be the result of the Proxy Admin Owner’s private key being leaked,” SlowMist added, as the current owner deployed a significant upgrade to the DEX Proxy contract on December 12 at 10:23 UTC. This upgrade changed the contract’s functionality, allowing it to directly call the DEX contract’s claimTokens function for token transfers, creating a vulnerability that attackers exploited to steal tokens.
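The chain described above means a user's token approval is only as safe as the key that can upgrade the DEX Proxy, so a defender wants an alert when the proxy's implementation changes and when claimTokens is then called through it. The following is an added monitoring sketch, not code from OKX or SlowMist; the event record layout, the reviewed-implementation allowlist and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int          # block timestamp (unix seconds)
    kind: str        # "Upgraded" (proxy implementation changed) or "claimTokens"
    impl: str = ""   # new implementation address, for "Upgraded"
    owner: str = ""  # account whose approved tokens were moved, for "claimTokens"
    amount: int = 0

# Assumption: implementations that went through review before deployment.
REVIEWED_IMPLS = {"0xIMPL_REVIEWED"}

def flag_suspicious(events, reviewed=REVIEWED_IMPLS):
    """Alert on unreviewed proxy upgrades and on every claimTokens call made
    while such an implementation is live."""
    alerts, live_unreviewed = [], None
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "Upgraded":
            live_unreviewed = None if ev.impl in reviewed else ev.impl
            if live_unreviewed:
                alerts.append(("unreviewed_upgrade", ev.ts, ev.impl))
        elif ev.kind == "claimTokens" and live_unreviewed:
            alerts.append(("claim_via_unreviewed_impl", ev.ts, ev.owner))
    return alerts

def owners_to_notify(alerts):
    """Accounts whose approvals were spent through an unreviewed implementation."""
    return sorted({a[2] for a in alerts if a[0] == "claim_via_unreviewed_impl"})

# Constructed sample events, not real chain data; all addresses are placeholders.
SAMPLE = [
    Event(1000, "claimTokens", owner="0xUSER_A", amount=5),
    Event(2000, "Upgraded", impl="0xIMPL_UNREVIEWED"),
    Event(2600, "claimTokens", owner="0xUSER_B", amount=900),
    Event(3000, "claimTokens", owner="0xUSER_C", amount=400),
    Event(4000, "Upgraded", impl="0xIMPL_REVIEWED"),
    Event(5000, "claimTokens", owner="0xUSER_D", amount=7),
]

if __name__ == "__main__":
    for alert in flag_suspicious(SAMPLE):
        print(alert)
    print("notify:", owners_to_notify(flag_suspicious(SAMPLE)))
```

The accounts returned by `owners_to_notify` are the ones to contact about revoking their approvals.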
OKX DEX did not respond to a request for comment from The Block.