Cointime

SlowMist: OKX DEX Proxy Admin Owner private key leaked

According to SlowMist's report, there seems to be a problem with the OKX DEX contract. SlowMist's analysis found that when users swap tokens, they grant an approval to the TokenApprove contract, and the DEX contract transfers the user's tokens by calling the TokenApprove contract. The DEX contract has a claimTokens function that a trusted DEX Proxy is allowed to call; it in turn calls the TokenApprove contract's claimTokens function to transfer the tokens users have authorized. The trusted DEX Proxy is managed by the Proxy Admin, and the Proxy Admin Owner can upgrade the DEX Proxy contract through the Proxy Admin.

On December 12, 2023, at 22:23:47, the Proxy Admin Owner upgraded the DEX Proxy contract to a new implementation contract that directly calls the DEX contract's claimTokens function to transfer tokens. The attacker then began calling the DEX Proxy to steal tokens. At 23:53:59 on December 12, 2023, the Proxy Admin Owner upgraded the contract again, to an implementation with a similar function, and the theft of tokens continued after the upgrade. As of now, the profit is about 430,000 U.

This attack may be due to the leakage of the Proxy Admin Owner's private key. Currently, the DEX Proxy has been removed from the trusted list.
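The control this incident points to, as an added defender-side example (not code from SlowMist, OKX or Cointime): replay proxy events, treat any upgrade to an unreviewed implementation as a reason to drop the proxy from the trusted list, and flag every later claimTokens call routed through it. The addresses, the allowlist, the event format and the claim times are constructed assumptions; only the two upgrade timestamps come from the report.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
DEX_PROXY = "0xPROXY"            # constructed placeholder, not a real address
REVIEWED_IMPLS = {"0xIMPL_V1"}   # hypothetical allowlist of audited implementations

# Constructed event stream. Only the two upgrade timestamps come from the report;
# every address, user and claim time is made up for the example.
EVENTS = [
    {"ts": "2023-12-12 21:00:00", "kind": "claim", "proxy": DEX_PROXY, "user": "0xUSER_A"},
    {"ts": "2023-12-12 22:23:47", "kind": "upgrade", "proxy": DEX_PROXY, "impl": "0xIMPL_X"},
    {"ts": "2023-12-12 22:30:00", "kind": "claim", "proxy": DEX_PROXY, "user": "0xUSER_B"},
    {"ts": "2023-12-12 23:53:59", "kind": "upgrade", "proxy": DEX_PROXY, "impl": "0xIMPL_Y"},
    {"ts": "2023-12-12 23:58:00", "kind": "claim", "proxy": DEX_PROXY, "user": "0xUSER_C"},
]


def monitor(events, trusted, reviewed):
    """Replay events in time order; return (alerts, proxies still trusted)."""
    trusted = set(trusted)
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.strptime(e["ts"], FMT)):
        proxy = ev["proxy"]
        if ev["kind"] == "upgrade" and ev["impl"] not in reviewed:
            # An implementation nobody reviewed now sits behind a proxy that can
            # reach claimTokens: alert and drop the proxy from the trusted list.
            alerts.append((ev["ts"], "UNREVIEWED_UPGRADE", ev["impl"]))
            trusted.discard(proxy)
        elif ev["kind"] == "claim" and proxy not in trusted:
            # claimTokens reached through a proxy that is no longer trusted.
            alerts.append((ev["ts"], "CLAIM_VIA_UNTRUSTED_PROXY", ev["user"]))
    return alerts, trusted


if __name__ == "__main__":
    found, still_trusted = monitor(EVENTS, {DEX_PROXY}, REVIEWED_IMPLS)
    for alert in found:
        print(*alert)
    print("trusted after replay:", sorted(still_trusted))
```

On the constructed stream the claim before the first upgrade passes, and both upgrades and both later claims are flagged.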
