According to blockchain security company SlowMist, OKX DEX, a decentralized exchange aggregator platform, suffered an exploit with losses valued at over $400,000.
An attacker was able to transfer tokens that users had not allowed by compromising the management privileges of a market maker contract, according to the explanation for the vulnerability.
On the OKX DEX aggregator platform, a deprecated proxy contract was the subject of a recent vulnerability that allowed a hacker to obtain administration access to the contract without authorization.
OKX DEX: Deprecated Contract Raises Concerns
When a protocol stops actively using a contract to carry out user transactions, it is considered deprecated. It appears that OKX has updated the contract but hasn’t entirely stopped using it.
🚨SlowMist Security Alert: OKX DEX Proxy Admin Owner’s Private Key Suspected to be Leaked🚨
According to information from SlowMist Zone, the OKX DEX contract appears to have encountered an issue. After SlowMist’s analysis, it was found that when users exchange, they authorize…
— SlowMist (@SlowMist_Team)
The claimTokens function of the OKX DEX smart contract experienced a problem, according to blockchain security firm SlowMist. The TokenApprove contract, which required user authorization, gives a trusted DEX Proxy the ability to transfer tokens.
On December 12, the SlowMist team reported that the OKX DEX Proxy Admin Owner upgraded the DEX Proxy contract with a new implementation. The purpose of this new implementation was to invoke the claimTokens function directly from the DEX contract.
The exchange said that 18 of the approved addresses for the contract had been compromised, and attributed the event to the compromise of the management rights of a cancelled OKX DEX market maker contract.
Additionally, the exchange pledged to pay back all impacted users. It would also carry out a comprehensive security examination in order to stop something similar from happening again.
We regret to inform you that a deprecated smart contract on OKX Dex has been compromised. We have taken immediate action to secure all user funds and revoke the contract permissions. We are working with relevant agencies to locate the stolen funds and will reimburse affected…
— OKX Web3 (Wallet | DeFi | NFT) (@okxweb3)
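Because the incident turned on token approvals that users had granted to a contract and never revoked, a useful defensive check is to reconstruct which approvals to a given spender are still open. The following is an added example, not code from OKX or SlowMist: it replays standard ERC-20 `Approval` event logs for one spender, and every address and log entry in it is a constructed placeholder.

```python
# Added example with constructed data; not OKX or SlowMist code.
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event signature
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, spender):
    """Replay Approval logs in chain order and return the approvals to
    `spender` that were never reset to zero, as {(token, owner): amount}."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but has 4 topics; skip it and other events.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender.lower():
            continue
        state[(log["address"].lower(), topic_to_address(topics[1]))] = int(log["data"], 16)
    # Upper bound only: many tokens emit no Approval when transferFrom spends
    # an allowance, so confirm each hit with an on-chain allowance() call.
    return {k: v for k, v in state.items() if v > 0}

def report(logs, spender):
    """Sorted (owner, token, amount) rows; max uint256 is shown as 'unlimited'."""
    return [(owner, token, "unlimited" if amt == MAX_UINT256 else str(amt))
            for (token, owner), amt in sorted(outstanding_allowances(logs, spender).items())]

# --- constructed sample data (all addresses are placeholders) ---
DEPRECATED_SPENDER = "0x" + "aa" * 20   # hypothetical deprecated approval contract
OTHER_SPENDER = "0x" + "bb" * 20
TOKEN = "0x" + "11" * 20
ALICE, BOB = "0x" + "a1" * 20, "0x" + "b0" * 20

def approval(block, idx, owner, spender, value):
    pad = lambda a: "0x" + "00" * 12 + a[2:]
    return {"address": TOKEN, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [
    approval(105, 1, BOB, DEPRECATED_SPENDER, 0),        # Bob revokes (listed out of order)
    approval(100, 0, ALICE, DEPRECATED_SPENDER, MAX_UINT256),
    approval(101, 2, BOB, DEPRECATED_SPENDER, 500),
    approval(106, 0, ALICE, OTHER_SPENDER, 1000),        # different spender, ignored
]
print(report(SAMPLE_LOGS, DEPRECATED_SPENDER))
```

In the sample, Bob's later zero-value approval closes his exposure, while Alice's unlimited approval remains open and is the row reported.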
OKX Hack: Actual Damages Unknown
According to PeckShield, another researcher specializing in blockchain security, this vulnerability has cost over $2.76 million.
In the last 30 days, OKX DEX is thought to have had over 50,000 active user wallets; however, it is unknown how many users were impacted by the most recent hack.
The OKX DEX breach highlights that users should exercise caution when interacting with DeFi protocols, even those backed by well-known firms in the industry.