Dilation Effect, a group of Web3 security enthusiasts, has conducted an extensive investigation into OKX’s security protocols in response to recent security incidents surrounding the exchange.
Their report, published on June 10, 2024, tried to address questions regarding the platform’s ability to safeguard user accounts from unauthorized access.
The investigation identified several serious weaknesses in OKX’s account-security controls. Although Google Authenticator (GA) is widely used precisely because a time-based one-time code is far harder to intercept than a text message, OKX lets users fall back to weaker verification methods such as SMS, including for sensitive operations like adding a withdrawal whitelist address or initiating a withdrawal. This flexibility may look convenient, but it means an attacker who controls the victim’s phone number or mailbox can bypass GA entirely: the account is only as strong as the weakest factor the platform will accept.
Moreover, unlike many other platforms, OKX does not impose the customary 24-hour withdrawal hold after sensitive account changes such as disabling phone verification, disabling GA verification, or changing the login password. Such a hold exists so that an account takeover cannot be converted into an immediate transfer; it gives the legitimate owner a window to notice the change and intervene. Omitting it trades that safeguard for user convenience and leaves accounts exposed in exactly the moments when they are most at risk.
A third issue is how OKX handles withdrawals to whitelisted addresses. Where most exchanges still require additional verification for withdrawals above a set threshold, OKX allows withdrawals to a whitelisted address up to its configured limit with no further authentication. Combined with the first finding, this forms a complete path: an attacker who can add a whitelist address using SMS verification alone can then withdraw up to that limit without ever being challenged by GA, putting users’ assets at direct risk of loss.
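The three findings above are policy decisions, so the following added example (not code from Dilation Effect, OKX or DeFi Planet) models a withdrawal-authorization check with the reported behaviour beside a hardened version: no step-down from TOTP to SMS for sensitive actions, a 24-hour withdrawal hold after sensitive changes, and no unauthenticated withdrawals to whitelisted addresses. The factor names, limits, timestamps and the SIM-swap scenario are constructed assumptions for illustration.

```python
"""Model of an exchange withdrawal-authorization policy.

strict=False reproduces the behaviour the report describes; strict=True is the
hardened policy. Everything here is a constructed illustration, not OKX code.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Assumed relative strength of second factors: TOTP (Google Authenticator)
# outranks SMS and e-mail, which both fall to a phone-number or mailbox takeover.
FACTOR_STRENGTH = {"sms": 1, "email": 1, "totp": 3}

# Actions after which a withdrawal hold should start.
SENSITIVE_ACTIONS = {"disable_sms", "disable_totp", "change_password", "add_whitelist"}

WITHDRAWAL_HOLD = timedelta(hours=24)


@dataclass
class Account:
    factors: set                                   # enrolled second factors
    whitelist: dict = field(default_factory=dict)  # address -> per-withdrawal limit
    last_sensitive_change: Optional[datetime] = None


def strongest_factor(account: Account) -> Optional[str]:
    """The factor the account *could* be challenged with; strict mode insists on it."""
    return max(account.factors, key=FACTOR_STRENGTH.__getitem__, default=None)


def authorize(account: Account, action: str, factor_used: Optional[str],
              now: datetime, strict: bool, address: str = "",
              amount: float = 0.0, limit: float = 0.0):
    """Decide one request and return (allowed, reason).

    Weak policy (strict=False): any enrolled factor satisfies a sensitive action,
    no hold after sensitive changes, and a withdrawal to a whitelisted address
    within its limit needs no factor at all.
    """
    if action == "withdraw":
        if strict and account.last_sensitive_change is not None \
                and now - account.last_sensitive_change < WITHDRAWAL_HOLD:
            return False, "withdrawal hold active after sensitive change"
        wl_limit = account.whitelist.get(address)
        if not strict and wl_limit is not None and amount <= wl_limit:
            return True, "whitelisted address within limit, no verification"
        required = strongest_factor(account)
        if strict and factor_used != required:
            return False, f"withdrawal requires {required}"
        if not strict and factor_used not in account.factors:
            return False, "a second factor is required"
        return True, "verified withdrawal"

    if action in SENSITIVE_ACTIONS:
        if factor_used not in account.factors:
            return False, "a second factor is required"
        if strict and factor_used != strongest_factor(account):
            return False, f"{action} requires {strongest_factor(account)}"
        if action == "add_whitelist":
            account.whitelist[address] = limit
        if action.startswith("disable_"):
            account.factors.discard(action[len("disable_"):])
        account.last_sensitive_change = now
        return True, f"{action} accepted"

    return False, "unknown action"


def sim_swap_scenario(strict: bool):
    """Attacker holds the victim's phone number (SIM swap) but not the TOTP secret.
    Returns whether each step was allowed: [add whitelist via SMS, withdraw with no factor]."""
    t0 = datetime(2024, 6, 10, 12, 0)
    acct = Account(factors={"sms", "totp"})
    step1, _ = authorize(acct, "add_whitelist", "sms", t0, strict,
                         address="attacker-addr", limit=5000)
    step2, _ = authorize(acct, "withdraw", None, t0 + timedelta(minutes=1), strict,
                         address="attacker-addr", amount=4999)
    return [step1, step2]


def hold_scenario(strict: bool):
    """Legitimate TOTP user changes the password, then withdraws 1h and 25h later.
    Returns (allowed within the hold window, allowed after it)."""
    t0 = datetime(2024, 6, 10, 12, 0)
    acct = Account(factors={"sms", "totp"})
    authorize(acct, "change_password", "totp", t0, strict)
    within, _ = authorize(acct, "withdraw", "totp", t0 + timedelta(hours=1), strict, amount=100)
    after, _ = authorize(acct, "withdraw", "totp", t0 + timedelta(hours=25), strict, amount=100)
    return within, after


if __name__ == "__main__":
    for strict in (False, True):
        print(f"strict={strict}: sim-swap steps allowed {sim_swap_scenario(strict)}, "
              f"hold scenario (within, after) {hold_scenario(strict)}")
```

Under the weak policy the SIM-swap attacker succeeds at both steps without ever presenting a TOTP code; under the hardened policy the whitelist addition is refused because SMS is not the strongest enrolled factor, and the withdrawal that follows is refused as well. The hold scenario shows the cost the hardened policy imposes on a legitimate user: one blocked withdrawal in the 24 hours after a sensitive change, which is exactly the window the report says OKX leaves open.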
Dilation Effect emphasized the importance of properly binding user accounts to GA to avoid exploitation by hackers.
“We would like to remind users again that their account settings must be bound to GA; otherwise, they may unwittingly assist hackers, as email and text messages are susceptible to attacks.”
As of the time of writing, OKX has not issued an official statement in response to the report.