SlowMist: OKX DEX Proxy Admin Owner private key leaked

According to SlowMist's report, there appears to be a problem with the OKX DEX contract. SlowMist's analysis found that when users swap, they grant an approval to the TokenApprove contract, and the DEX contract moves the user's tokens by calling the TokenApprove contract. The DEX contract has a claimTokens function that a trusted DEX Proxy is allowed to call; it in turn calls the TokenApprove contract's claimTokens function to transfer the users' approved tokens. The trusted DEX Proxy is managed by the Proxy Admin, and the Proxy Admin Owner can upgrade the DEX Proxy contract through the Proxy Admin.

On December 12, 2023, at 22:23:47, the Proxy Admin Owner upgraded the DEX Proxy contract to a new implementation contract that directly calls the DEX contract's claimTokens function to transfer tokens. The attacker then began calling the DEX Proxy to drain tokens. At 23:53:59 on December 12, 2023, the Proxy Admin Owner upgraded the contract again to a similar implementation and continued draining tokens after the upgrade. As of now, the attacker's profit is about 430,000 U.

This attack may be due to the leakage of the Proxy Admin Owner's private key. The DEX Proxy has now been removed from the trusted list.
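As an added illustration (not OKX's or SlowMist's code), this Solidity sketch models the three-contract trust chain the report describes, with the trusted-list removal as the containment step. The names TokenApprove and claimTokens come from the report; DexContract, isTrusted and setTrusted are assumed names chosen here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Holds user approvals; only the DEX contract may spend them (assumed structure).
contract TokenApprove {
    address public immutable dex;

    constructor(address dex_) { dex = dex_; }

    function claimTokens(address token, address from, address to, uint256 amount) external {
        require(msg.sender == dex, "TokenApprove: caller is not DEX");
        require(IERC20(token).transferFrom(from, to, amount), "TokenApprove: transfer failed");
    }
}

// The DEX contract: forwards claims to TokenApprove, but only for trusted callers.
contract DexContract {
    address public owner;
    TokenApprove public immutable tokenApprove;
    mapping(address => bool) public isTrusted;   // trusted DEX Proxy addresses

    event TrustedChanged(address indexed caller, bool trusted);

    modifier onlyOwner() { require(msg.sender == owner, "DexContract: not owner"); _; }

    constructor() {
        owner = msg.sender;
        tokenApprove = new TokenApprove(address(this));
    }

    // Listing a proxy grants it pull access to every balance users approved to
    // TokenApprove; delisting it is the containment step described in the report.
    function setTrusted(address caller, bool trusted) external onlyOwner {
        isTrusted[caller] = trusted;
        emit TrustedChanged(caller, trusted);
    }

    // The check is on msg.sender only, so whatever implementation sits behind a
    // trusted proxy decides how this is used; the proxy's upgrade authority is
    // therefore equivalent to a spending key over all approved balances.
    function claimTokens(address token, address from, address to, uint256 amount) external {
        require(isTrusted[msg.sender], "DexContract: caller not trusted");
        tokenApprove.claimTokens(token, from, to, amount);
    }
}
```

Because a single Proxy Admin Owner key can swap the implementation behind a trusted proxy, putting that admin behind a multisig or timelock narrows what one leaked key can do; monitoring the proxy's upgrade events gives a detection point for the same step.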
