Low | Medium | High | Critical | Total | |
---|---|---|---|---|---|
Not fixed | 7 | 1 | 1 | - | 9 |
Fixed | - | - | - | - | 0 |
Total | 7 | 1 | 1 | 0 | 9 |
Click to show description
Quick Summary OKX DEX suffered an access control exploit on Dec 12, 2023, resulting in a loss of 2,390,976 USD worth of assets, including USDT, USDC, and WETH. Details of the Exploit OKX DEX, a trading aggregator for cross-chain transactions, experienced an access control exploit on December 12, 2023. The proxy admin owner upgraded the DEX proxy contract to a new implementation contract, which may have led to the compromise of the private key of the OKX DEX. After the upgrade, tokens started being stolen from the platform. The stolen native ETH was distributed between three addresses, while the rest of the stolen stable coins were bridged to Arbitrum and Avalanche chains via Stargate Bridge. The DEX proxy was removed from OKX's platform's trusted list following the incident. The total loss amounted to 2,390,976 USD worth of assets, including 142,034 USDT, 475,929 USDC, and 799.77 WETH. Block Data Reference Attackers Addresses: https://etherscan.io/address/0xFacf375Af906f55453537ca31fFA99053A010239 https://etherscan.io/address/0x0519efacb73a1f10b8198871e58d68864e78b8a5 Funds Holders as of Dec 14, 2023: https://etherscan.io/address/0xfe55502a57f388a69602b2780071b759a520468f https://etherscan.io/address/0x22a2931cb2a7b782d65b2b5562829e84d941b0f0 https://etherscan.io/address/0xa15fe801dd5fd31a684c444b6980dbaf0c78d5ad Malicious Transactions: https://etherscan.io/tx/0x7a9c03576158b08bd896293fffcb11dd2fcc09c3d896335affee9968b4a1db5c https://etherscan.io/tx/0x78bfe55b18e53513b5c17869f39cc9cc21f3d6d2b6b44d1ceb9762789449dcd2 https://etherscan.io/tx/0xf69cf6cc56849be0ee93e8651fdf3622639b7a99e1a620c744f3fef8a5743236 Stargate Bridging Transactions: https://etherscan.io/tx/0xd2b424b17e0959d260df748ef9d8b62120abe64d011ae68e00e8d3874d99ed28 https://etherscan.io/tx/0x444fe10b2487c2c3cfa79fd878f3c0c5f520a9b4e94a44a6ce8e5a2bd8d9dd8b