An X wallet for OKX Web3 confirmed in a post that a deprecated smart contract on OKX DEX had been compromised.
While the official post-mortem is yet to come, analysts at SlowMist said in an X post that OKX DEX proxy admin owner’s private key was likely leaked, allowing hackers to take over the protocol and change its functionality.
Once the protocol was upgraded with malicious functions, attackers began calling the DEX proxy contract to steal tokens from users, who previously gave the protocol permission to interact with their wallets.
According to preliminary estimations, users lost over $430,000 worth of crypto. The attacker’s address is holding $70,000 worth of USDC, $70,000 worth of ELON as well as dozens of thousands of dollars in USDT, BTT and other altcoins, according to Etherscan data.
The OKX Web3 team noted it has revoked the contract permissions and is now working with “relevant agencies to locate the stolen funds.” The developers have also committed to reimburse affected users with $370,000. OKX DEX is a non-custodial crypto exchange aggregator developed by the OKX crypto exchange, which allows users to trade crypto without the need for intermediaries.