OKX Experiences "User Crypto Theft," Losses Exceeding $1 Million; Official Response: Investigation Results Will Be Released Immediately

During the Dragon Boat Festival holiday, the crypto community was shaken by reports of OKX users lamenting that their accounts were hacked within 15 minutes, resulting in the theft of all tokens stored in their accounts, valued at nearly 5 million RMB. This quickly triggered widespread FUD (fear, uncertainty, and doubt) among many users.

On the 9th of this month, a user named "Leyan" in a Chinese social media group posted on Twitter X platform, stating, "5 million stolen in 15 minutes: How hackers breach OKX to steal user assets without any hindrance." Leyan claimed that all his assets in OKX were stolen by hackers, amounting to nearly 5 million RMB (approximately 22.5 million TWD), which were his lifetime savings.

The sensational headline was intended to attract OKX's attention and prompt action. In the detailed account, Leyan mentioned that "hackers could log into my OKX account and add a whitelist for withdrawals without obtaining my verification code."

In the images posted by Leyan, it was evident that the email containing the withdrawal verification code was still unopened, yet all the tokens in the account had been withdrawn. This led many netizens to question if there was a vulnerability in the OKX system that allowed bypassing the verification code process to withdraw assets.

Similar Cases Within 24 Hours

Coincidentally, similar incidents of OKX users being hacked were reported multiple times within 24 hours. Netizen "Dr.Hash” Wesley" posted a video, claiming that his friend had $1 million stolen, which drew significant attention.

Another netizen, "Ludan," also mentioned that a friend had $800,000 stolen, with similar methods involved:

• The OKX registration email was bombarded with spam.
• The market value was used to frantically buy Ethereum.
• Ethereum was withdrawn using a phone verification code.

The spread of multiple hacking incidents not only caught the attention of OKX but also prompted SlowMist founder Yu Xian, who often tracks down victims in the crypto network, to conduct a preliminary analysis. He noted that the methods used to steal coins from the two victims were remarkably similar, including SMS messages showing locations outside Hong Kong and the creation of new APIs for trading and withdrawing.

Yu Xian indicated that this was a premeditated group operation.

Official Response: Platform Will Take Responsibility

if Accountable The victims described how OKX's customer service did not respond appropriately at the time of the incidents, leaving them disheartened and confused. Under the pressure of numerous netizens, OKX formally responded on Twitter, stating that if it is found to be a platform issue, they will take proactive measures:

“We take the reported ‘user asset theft on the exchange’ situation seriously and have contacted the affected users. We are currently investigating the relevant circumstances. If it is ultimately determined to be a platform responsibility, we will take proactive measures to address it. Additionally, we will announce the results immediately after the investigation concludes. Please be patient and refrain from unnecessary speculation. Thank you for your support.”

Just a few days ago, OKX was reported to have accidentally burned over $10 million worth of BTC while reorganizing wallets with a consolidation program.

With these latest user hacking reports and suspected platform vulnerabilities, the community is deeply concerned. We suggest that users worried about their token assets stored on the exchange withdraw them to a secure wallet until the situation is clarified.