A hacker has stolen a total of $430,000 from decentralized cryptocurrency exchange OKX by taking advantage of an alleged leak of the proxy administrator's private key.
According to SlowMist analysts, by exchanging on the platform, users authorize the TokenApprove contract, which then transfers the user's tokens.
The ClaimTokens feature allows a trusted DEX proxy to make a call to it. In this case, the servers are managed by administrators who can make changes to the smart contract independently.
Subscribe to our Telegram channel to get weekly short digests about events that shape the crypto world
On December 12, the owner of one of the servers updated it, allowing it to call ClaimTokens directly to transfer user tokens. The attacker exploited this exploit and stole a total of $430,000.
According to an official statement from the OKX web3 team:
"We regret to inform you that a deprecated smart contract on OKX Dex has been compromised. We have taken immediate action to secure all user funds and revoke the contract permissions."