
OKX Decentralized Exchange Exploited For $430K in Suspect Private Key Leak


The latest exploit in the world of decentralized finance (DeFi) has impacted the OKX decentralized exchange (DEX). Details are thin on the ground but it appears that a private key was leaked. 

On Dec. 13, blockchain security firm SlowMist reported that there was a suspected leak of the OKX DEX proxy admin owner’s private key. 

OKX DEX Private Key Leak 

Crypto insights firm Scopescan confirmed that users had reported an exploit event on the OKX DEX contract. It contacted the exchange, which responded:

“The old abandoned MM contract was attacked, and the attack has been located and stopped. The losses of the users involved will be fully borne.”

Suspect address activity in OKX DEX attack. Source: Scopescan

SlowMist elaborated further, stating that when users exchange tokens, they authorize the TokenApprove contract. The DEX contract then transfers the user’s tokens by calling this contract.

A claimTokens function in the contract allows a trusted DEX Proxy to make calls. However, the trusted DEX Proxy is managed by the Proxy Admin, which can upgrade the DEX Proxy contract.

The DEX Proxy was upgraded to a new implementation contract on Dec. 12, SlowMist reported, before adding:

“The new implementation contract’s functionality is to directly call the claimTokens function of the DEX contract to transfer tokens. Subsequently, attackers began calling the DEX Proxy to steal tokens.”

“As of now, the attacker has profited approximately $430,000,” it stated.


SlowMist suggests that the Proxy Admin Owner’s private key leak may have caused this DeFi exploit. They also added that they have removed the DEX Proxy from the trusted list.
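
The trust chain described above (the Proxy Admin can upgrade the DEX Proxy, and the DEX Proxy is trusted to call claimTokens) maps to a monitoring rule: alert when a trusted proxy is upgraded to an implementation that has not been reviewed, and flag every claimTokens call routed through it afterwards. The Python below is an added example, not code from OKX, SlowMist or the original article; the addresses, the event records and the names `Monitor`, `replay`, `exposure`, `ClaimTokens` and `TrustedProxyRemoved` are constructed assumptions.

```python
from dataclasses import dataclass, field

PROXY, OTHER = "0xDEX_PROXY_EXAMPLE", "0xUNRELATED_PROXY_EXAMPLE"  # constructed
IMPL_V1, IMPL_NEW = "0xIMPL_REVIEWED_EXAMPLE", "0xIMPL_UNREVIEWED_EXAMPLE"

# Constructed, already-decoded records (not real chain data); record names are assumed.
EVENTS = [
    {"block": 100, "event": "ClaimTokens", "caller": PROXY, "amount": 50},
    {"block": 150, "event": "Upgraded", "proxy": OTHER, "implementation": IMPL_NEW},
    {"block": 200, "event": "Upgraded", "proxy": PROXY, "implementation": IMPL_NEW},
    {"block": 210, "event": "ClaimTokens", "caller": PROXY, "amount": 900},
    {"block": 215, "event": "ClaimTokens", "caller": PROXY, "amount": 400},
    {"block": 300, "event": "TrustedProxyRemoved", "proxy": PROXY},
    {"block": 310, "event": "ClaimTokens", "caller": PROXY, "amount": 10},
]

@dataclass
class Monitor:
    trusted: set                      # proxies allowed to call claimTokens
    reviewed: dict                    # proxy -> implementations that passed review
    quarantined: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def handle(self, ev):
        kind, block = ev["event"], ev["block"]
        if kind == "Upgraded" and ev["proxy"] in self.trusted:
            proxy, impl = ev["proxy"], ev["implementation"]
            if impl in self.reviewed.get(proxy, set()):
                self.quarantined.discard(proxy)   # back on reviewed code
            else:
                self.quarantined.add(proxy)
                self.alerts.append(("UNREVIEWED_UPGRADE", block, proxy, impl))
        elif kind == "TrustedProxyRemoved":
            self.trusted.discard(ev["proxy"])
            self.quarantined.discard(ev["proxy"])
        elif kind == "ClaimTokens":
            caller, amount = ev["caller"], ev["amount"]
            if caller not in self.trusted:
                self.alerts.append(("UNTRUSTED_CALLER", block, caller, amount))
            elif caller in self.quarantined:
                self.alerts.append(("CLAIM_VIA_UNREVIEWED_IMPL", block, caller, amount))

def replay(events, trusted, reviewed):   # feed events in block order
    mon = Monitor(set(trusted), {p: set(i) for p, i in reviewed.items()})
    for ev in sorted(events, key=lambda e: e["block"]):
        mon.handle(ev)
    return mon

def exposure(mon):   # amount moved while a trusted proxy ran unreviewed code
    return sum(a[3] for a in mon.alerts if a[0] == "CLAIM_VIA_UNREVIEWED_IMPL")
```

Calling `replay(EVENTS, {PROXY}, {PROXY: {IMPL_V1}})` raises the upgrade alert at block 200, before the first transfer through the new implementation at block 210.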

According to Etherscan, the exploiter address holds tokens to the value of $430,000.

The exchange posted an update on its official X (Twitter) feed stating: 

“We are working with relevant agencies to locate the stolen funds and will reimburse affected users with $370k.” 

DeFi Exploits Continue

The OKX DEX has become the latest in a long list of DeFi exploits this year.

Just recently there were major attacks and thefts from Florence Finance, KyberSwap, HTX, and Heco Bridge.

DeFi RWA platform Florence Finance lost $1.45 million in an address poisoning attack. Furthermore, KyberSwap lost $45 million in a huge hack in November. 

Moreover, Mixin Network, Linear Finance, and Balancer were also DeFi exploit victims over the past few months. 
