Cointime

SlowMist: OKX DEX Proxy Admin Owner private key leaked

According to a SlowMist report, there appears to be a problem with the OKX DEX contract. SlowMist's analysis found that when users swap, they grant an approval to the TokenApprove contract, and the DEX contract moves the user's tokens by calling the TokenApprove contract. The DEX contract has a claimTokens function that a trusted DEX Proxy is allowed to call; it in turn calls the TokenApprove contract's claimTokens function to transfer the tokens users have approved. The trusted DEX Proxy is managed by the Proxy Admin, and the Proxy Admin Owner can upgrade the DEX Proxy contract through the Proxy Admin.

On December 12, 2023, at 22:23:47, the Proxy Admin Owner upgraded the DEX Proxy contract to a new implementation contract that directly calls the DEX contract's claimTokens function to transfer tokens. The attacker then began calling the DEX Proxy to steal tokens. At 23:53:59 on December 12, 2023, the Proxy Admin Owner upgraded the contract again, to an implementation with a similar function, and the attacker continued to steal tokens after that upgrade. As of now, the attacker's profit is about 430,000 U.

This attack may be due to a leak of the Proxy Admin Owner's private key. The DEX Proxy has since been removed from the trusted list.
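To make the trust chain concrete, here is an added Python model (not OKX or SlowMist code) of the four roles the report names; the contract names follow the report, while the user names, amounts, the "ownerKey" label and the helper names are constructed. It shows that holding the one Proxy Admin Owner key is enough to install an implementation that pulls any standing user allowance, and that dropping the DEX Proxy from the DEX's trusted list, the mitigation the report cites, blocks the pull even though that implementation remains installed.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set

@dataclass
class TrustChain:
    allowances: Dict[str, int] = field(default_factory=dict)  # user -> amount approved to TokenApprove
    trusted_proxies: Set[str] = field(default_factory=set)    # DEX's trusted DEX Proxy list
    proxy_admin_owner: str = "ownerKey"                       # the single key behind ProxyAdmin
    impl: Optional[Callable] = None                           # code the DEX Proxy currently runs
    upgrades: List[str] = field(default_factory=list)         # ProxyAdmin upgrade history
    def token_approve_claim(self, caller: str, user: str, amount: int) -> int:
        """TokenApprove.claimTokens: only the DEX contract may pull approved tokens."""
        if caller != "DEX":
            raise PermissionError("TokenApprove: caller is not DEX")
        if self.allowances.get(user, 0) < amount:
            raise ValueError("TokenApprove: allowance too small")
        self.allowances[user] -= amount
        return amount

    def dex_claim(self, caller: str, user: str, amount: int) -> int:
        """DEX.claimTokens: only a proxy on the trusted list may trigger the pull."""
        if caller not in self.trusted_proxies:
            raise PermissionError("DEX: caller is not a trusted DEX Proxy")
        return self.token_approve_claim("DEX", user, amount)

    def upgrade(self, caller: str, new_impl: Callable, tag: str) -> None:
        """ProxyAdmin.upgrade: whoever holds the owner key chooses the proxy's code."""
        if caller != self.proxy_admin_owner:
            raise PermissionError("ProxyAdmin: caller is not the owner")
        self.impl = new_impl
        self.upgrades.append(tag)

    def proxy_call(self, user: str, amount: int) -> int:
        """DEX Proxy: runs whatever implementation ProxyAdmin installed."""
        return self.impl(self, user, amount)

def direct_claim_impl(chain: TrustChain, user: str, amount: int) -> int:
    """Shape of the implementation the report describes: a bare call into DEX.claimTokens."""
    return chain.dex_claim("DEXProxy", user, amount)

def run(untrust_proxy_first: bool) -> dict:
    # Constructed state: two users with standing approvals, one trusted proxy, a leaked owner key.
    chain = TrustChain(allowances={"alice": 1_000, "bob": 500}, trusted_proxies={"DEXProxy"})
    chain.upgrade("ownerKey", direct_claim_impl, "upgrade-1")   # only the owner key is needed
    if untrust_proxy_first:
        chain.trusted_proxies.discard("DEXProxy")               # the mitigation the report cites
    try:
        pulled = sum(chain.proxy_call(u, a) for u, a in [("alice", 1_000), ("bob", 500)])
    except PermissionError:
        pulled = 0                                              # DEX refuses the untrusted proxy
    return {"pulled": pulled, "remaining": sum(chain.allowances.values()), "upgrades": chain.upgrades}
```

Note that the standing approvals themselves are untouched by the mitigation; the DEX's trusted list is the only gate between the proxy's code and the users' allowances.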
