Unpacking the OKX DEX Hack: A Detailed Post-Mortem of the Multi-Million Dollar Exploit

Ervin Zubic
Coinmonks


Investigating the OKX DEX hack: Understand the timeline and measures taken following a severe security breach that impacted decentralized exchange users.

Connecting the Dots. Image created using DALL-E.

1. Summary:

  • Incident: OKX’s decentralized exchange aggregator suffered a $2.7M loss due to a private key compromise.
  • Losses were caused by a compromised proxy contract, which was then used to steal funds from users who had approved it.

Figure 1. Stolen funds tracking via MetaSleuth: visualization of the funds flow from the OKX exploit (MetaSleuth, 2023).
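
Because the losses fell on users who had approved the compromised contract, the first defensive question is which approvals to it are still open. The following is an added example, not code from the original article or from OKX: it assumes the approvals are standard ERC-20 allowances, and every address and log entry in it is a constructed placeholder.

```python
# Added example; every address and log entry below is constructed sample data.
# keccak256("Approval(address,address,uint256)"): the standard ERC-20 event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, spender):
    """Return {(token, owner): amount} of non-zero approvals to `spender`.

    Logs must be in chain order: a later Approval overwrites an earlier one.
    Amounts are an upper bound, since transferFrom may lower the allowance
    without emitting Approval; confirm with allowance(owner, spender).
    """
    spender, state = spender.lower(), {}
    for log in logs:
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval (ERC-721 indexes a third field)
        if topic_to_address(topics[2]) != spender:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]))
        amount = int(log["data"], 16)
        if amount == 0:
            state.pop(key, None)  # approve(spender, 0) is a revocation
        else:
            state[key] = amount
    return state

def at_risk(logs, spender):
    """(owner, token, is_unlimited) rows, unlimited approvals first."""
    rows = [(owner, token, amount == UNLIMITED)
            for (token, owner), amount in outstanding_approvals(logs, spender).items()]
    return sorted(rows, key=lambda row: not row[2])

# Constructed placeholders: SPENDER stands in for the approved contract.
SPENDER, OTHER, TOKEN = ("0x" + b * 20 for b in ("5e", "0d", "70"))
ALICE, BOB, CAROL, DAVE = ("0x" + b * 20 for b in ("a1", "b2", "c3", "d4"))

def _log(owner, spender, amount):  # builds one constructed Approval log
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"address": TOKEN, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": hex(amount)}

SAMPLE_LOGS = [_log(DAVE, SPENDER, 1000), _log(ALICE, SPENDER, UNLIMITED),
               _log(BOB, SPENDER, 500), _log(BOB, SPENDER, 0),  # Bob revokes
               _log(CAROL, OTHER, UNLIMITED)]
```

Calling `at_risk(SAMPLE_LOGS, SPENDER)` lists the owners who should revoke first; in practice the logs would come from a node's `eth_getLogs` filtered on the Approval topic and the spender address.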

2. Background:

  • Founded in 2017 and headquartered in Seychelles, OKX is a prominent centralized cryptocurrency exchange ranked 10th globally in terms of trading volume. The platform is known for its extensive offerings, including 324 coins and 482 trading pairs. Additionally, OKX expands its services beyond the centralized exchange model by operating a decentralized exchange (DEX) and a cross-chain bridge aggregator. These aggregators are crucial in compiling data from various trading platforms into one convenient location. Particularly notable is the DEX aggregator, functioning as a liquidity pool that integrates diverse sources of…
