- Amount Lost: $2,390,976.00
- Funds Returned: $0.00
- Category: Exchange (DEX)
- Date: 2023-12-12
Quick Summary
OKX DEX suffered an access control exploit on Dec 12, 2023, resulting in a loss of 2,390,976 USD worth of assets, including USDT, USDC, and WETH.
Details of the Exploit
OKX DEX, a trading aggregator for cross-chain transactions, experienced an access control exploit on December 12, 2023. The proxy admin owner upgraded the DEX proxy contract to a new implementation contract, which may have led to the compromise of the private key of the OKX DEX. After the upgrade, tokens started being stolen from the platform. The stolen native ETH was distributed between three addresses, while the rest of the stolen stable coins were bridged to Arbitrum and Avalanche chains via Stargate Bridge. The DEX proxy was removed from OKX's platform's trusted list following the incident. The total loss amounted to 2,390,976 USD worth of assets, including 142,034 USDT, 475,929 USDC, and 799.77 WETH.
Block Data Reference
Attackers Addresses:
https://etherscan.io/address/0xFacf375Af906f55453537ca31fFA99053A010239
https://etherscan.io/address/0x0519efacb73a1f10b8198871e58d68864e78b8a5
Funds Holders as of Dec 14, 2023:
https://etherscan.io/address/0xfe55502a57f388a69602b2780071b759a520468f
https://etherscan.io/address/0x22a2931cb2a7b782d65b2b5562829e84d941b0f0
https://etherscan.io/address/0xa15fe801dd5fd31a684c444b6980dbaf0c78d5ad
Malicious Transactions:
https://etherscan.io/tx/0x7a9c03576158b08bd896293fffcb11dd2fcc09c3d896335affee9968b4a1db5c
https://etherscan.io/tx/0x78bfe55b18e53513b5c17869f39cc9cc21f3d6d2b6b44d1ceb9762789449dcd2
https://etherscan.io/tx/0xf69cf6cc56849be0ee93e8651fdf3622639b7a99e1a620c744f3fef8a5743236
Stargate Bridging Transactions:
https://etherscan.io/tx/0xd2b424b17e0959d260df748ef9d8b62120abe64d011ae68e00e8d3874d99ed28
https://etherscan.io/tx/0x444fe10b2487c2c3cfa79fd878f3c0c5f520a9b4e94a44a6ce8e5a2bd8d9dd8b
Proof Links: