The decentralized exchange (DEX) OKX recently fell victim to an exploit resulting in the loss of approximately $430,000. This incident occurred due to a suspected leak of the private key of the owner of OKX DEX’s proxy administrator.
The exploit took place during an update of the DEX Proxy contract, allowing attackers to directly call the claimTokens function of the DEX contract. This function, designed to transfer tokens, became the attack vector when the DEX Proxy was updated by the Proxy Admin on December 12.
According to reports from SlowMist, a blockchain security firm, the leak of the proxy administrator’s private key may have triggered this exploit. The firm also highlighted that, during transactions, users authorize the TokenApprove contract, and the DEX contract transfers the user’s tokens by calling this contract. The claimTokens function allows the trusted DEX Proxy to make calls, and the contract update enabled attackers to steal tokens by calling the DEX Proxy.
The extent of the losses amounts to $430,000, according to Etherscan data showing the value of tokens held by the attacker’s address. In response to the attack, OKX announced that they are working collaboratively with relevant agencies to trace the stolen funds and reimburse affected users. The platform stated that it will fully absorb the losses of the impacted users.
OKX Joins the Victim List
SlowMist took measures to mitigate future risks by removing the DEX Proxy from the trusted list, preventing its participation in authorized transactions. They also pointed out the possibility that the leak of the private key was the underlying cause of the exploit.
This incident adds to the growing list of exploits in the decentralized finance (DeFi) space throughout the year. Projects like Florence Finance, KyberSwap, HTX, and Heco Bridge have also experienced significant attacks and losses. The ongoing series of exploits underscores the constant need for improvements in security and surveillance in the emerging DeFi ecosystem.
According to the blockchain security firm Certik, the third quarter was chaotic in terms of cybersecurity. Losses resulting from various exploits amounted to $700 million. This number is derived from the analysis of 184 incidents that took place between July and September 2023.