Two OKX user accounts hacked as SMS notification security compromised

Two OKX user accounts hacked as SMS notification security compromised
фото показано с : invezz.com

2024-6-11 10:36

Cryptocurrency exchange OKX saw two of its user accounts hacked on Jun 9. The attack allegedly transpired due to the SMS notification security of the platform being compromised.

According to security firm SlowMist, two different victims lost access to their accounts to the attackers. Both incidents saw SMS risk notifications originating from “Hong Kong.”

OKX accounts compromised 

While this is a security feature, the attacker allegedly managed to exploit it. Using this approach, the attacker created altered API keys with permissions to withdraw and trade.

The exact intricacies of the attack have yet to be publicized by the security specialist as it is waiting for the victim’s consent.

SlowMist anticipates that the attack was carried out by a premeditated gang. The security firm’s tracking arm, MistTrack, is monitoring the hacker wallet addresses involved.

At the time of publication, the amount of funds lost has not yet been revealed.

Analysts at SlowMist initially speculated the attack to be a cross-trading attempt.

A similar incident saw a Chinese trader lose $1 million. The hacker had gained access to the trader’s web browser cookie data via a malicious Chrome plugin dubbed Aggr.

The cookies were used to hijack the trader’s active user sessions without the need for a password or authentication.

After this, the attacker used cross-trading to make profits, as the funds from the victim’s account could not be withdrawn directly due to the two-factor authentication in place.

However, SlowMist has dismissed this theory for the OKX exploits.

In this scenario, 2FA authentication tools like Google Authenticator were not enabled by the affected users.  The cybersecurity firm is unsure if this allowed the attackers to breach the accounts.

OKX to take responsibility

Meanwhile, OKX has acknowledged the exploits. The firm has vowed to take full responsibility for the attack if evidence suggests it was due to their security failing.

The platform is currently investigating the matter.

This has been a bad week for the OKX in terms of security hiccups. Last week, another customer of the exchange lost $2 million worth of crypto assets in a separate exploit.

Attackers used user data breached in a Telegram data leak to gain access to the victim’s OKX account.

Subsequently, they employed AI-generated deep fake video of the victim to change the security features of his account, including his phone number and even his Google authenticator.

That’s not all. Prior to this attack, OKX Dex, a DEX (Decentralised Exchange) and cross-chain bridge aggregator, lost $430,000.

SlowMist reported that the OKX DEX proxy admin owner’s private key had allegedly leaked. The hackers modified the protocol using this access and managed to steal funds from all users who interacted with the malicious protocol.

The post Two OKX user accounts hacked as SMS notification security compromised appeared first on Invezz

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Speed Mining Service (SMS) на Currencies.ru

$ 1.9622 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 0.00 %
Cегодня L: $1.9622 - H: $1.9622
Капитализация $205.406k Rank 99999
Доступно / Всего 104.68k SMS

security compromised hacked sms accounts okx leading

security compromised → Результатов: 123


Фото:

RoboHero’s Compromised Twitter Account Sounds Alarm on Web3 Projects Cybersecurity Vulnerabilities

The recent breach of RoboHero’s Twitter account highlights the cybersecurity vulnerabilities facing Web3 projects on social media platforms. RoboHero, the pioneering Web3 mobile game, experienced a severe security incident on April 2, 2024, when hackers compromised its official Twitter account.

2024-4-24 17:19


Nansen Warns Of Potential Phishing Attacks Following Vendor Security Incident Exposing Customer Data

Crypto analytics platform Nansen has revealed that a bad actor accessed its admin system to provision customer accounts. On Sept. 20, a security breach by one of Nansen’s third-party vendors led to compromised customer access, underscoring the ever-present digital risk, particularly in the continually evolving arena of blockchain technology and cryptocurrency.

2023-9-22 13:10


Фото:

Microsoft says Nation-State Hacker Group is Leveraging Cryptocurrency to Stay Under the Radar

A new security report by Microsoft says nation-state hacker group Bismuth is now deploying cryptocurrency-mining malware alongside its regular cyber-espionage toolkits. According to the report, the deployment by Bismuth of Monero coin miners in recent campaigns has provided another way for the attackers to monetize compromised networks.

2020-12-2 18:00


Фото:

Microsoft Report says Nation-State Hacker Group is Leveraging Cryptocurrency Techniques to Stay Under the Radar

A new security report by Microsoft says nation-state hacker group Bismuth is now deploying cryptocurrency-mining malware alongside its regular cyber-espionage toolkits. According to the report, the deployment by Bismuth of Monero coin miners in recent campaigns has provided another way for the attackers to monetize compromised networks.

2020-12-1 18:00


Uber Ex-Security Chief Silently Paid Hackers $100,000 in Bitcoin in Hush Money

Uber Technologies’ former chief security officer was charged with covering up a data breach in 2016 that compromised the personal information of 57 million drivers and users. Ex-CSO Joseph Sullivan is charged with obstruction of justice and failing to report the knowledge of felony, according to a statement from US attorney David L. Anderson in […]

2020-8-21 18:53


Фото:

How a fictional “terrorist” and the carelessness of the German security forces compromised a company’s reputation

The situation with the German startup JA EXPERTS AG in August 2019, which caused excitement and surprise among Internet users, finally cleared up. Half a year ago, the Coinscelegram team managed to communicate with the representatives of the UFO-House Hotel project, and today we would like to recall how it was and tell how it […]

2020-3-7 20:07


Пользователи Monero под угрозой. Бинарные файлы CLI могли быть скомпрометированы

Двоичные файлы CLI, доступные на getmonero. org, могли быть скомпрометированы в течение последних 24 часов. Об этом сообщили разработчики криптовалюты Monero. #Monero Security Warning: CLI binaries available on https://t.

2019-11-20 14:19


Разработчики Monero предупредили о возможной компрометации бинарных файлов CLI

Двоичные файлы CLI, доступные на getmonero. org, могли быть скомпрометированы в течение последних 24 часов. Об этом сообщили разработчики криптовалюты Monero. #Monero Security Warning: CLI binaries available on https://t.

2019-11-20 11:42


Google is integrating its password checkup feature into Chrome — here’s how to use it

At this point, it’s established that when you sign up for a service, you should always expect that at some point it will be breached. But that doesn’t mean you should give up on practicing basic security hygiene, because let’s face it: reused and shared passwords are still one of the major ways top ways cybercriminals take over online accounts.

2019-10-3 08:24


Фото:

MasterMana Botnet takes over your machine to empty your cryptocurrency wallet

Cybersecurity researchers have detailed a dangerous botnet specifically targeting businesses to steal sensitive data and cryptocurrency. Dubbed “MasterMana Botnet,” the ongoing campaign is believed to be connected to the “Gorgon Group,” a crew of cyberbaddies linked to worldwide criminal activity and repeated attacks on governments.

2019-10-2 19:57