Security vulnerabilities in OKX: What users need to know
A quick analysis of the account security settings offered to users of the OKX cryptocurrency exchange identified serious issues that could lead to the loss of funds in the event of an attack. The research was conducted by a group of Web3 security enthusiasts, who uncovered numerous vulnerabilities requiring attention.
The analysis, carried out on June 10, 2024, took just half an hour. During this time, researchers found that the OKX security system allows bypassing Google Authenticator and utilizing less reliable verification methods such as SMS and whitelisted addresses. These actions create loopholes that could be exploited by malicious actors to steal assets.
One of the key problems is the absence of a 24-hour withdrawal freeze when phone verification, Google Authenticator, and password changes are disabled. The freeze is triggered only by a login from a new device. This gap significantly increases the risk for users, especially if their account has already been compromised.
Additionally, dynamic verification based on the withdrawal amount is not used when withdrawing assets from whitelisted addresses. Researchers noted that other exchanges set limits requiring re-verification for large withdrawals, which greatly enhances security levels.
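The two controls the researchers describe as missing can be expressed as a small withdrawal policy check. The sketch below is an added example, not OKX's code or the researchers'; the event names, the `decide` function, the step-up threshold and the treatment of non-whitelisted addresses are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Tuple

FREEZE = timedelta(hours=24)          # freeze window named in the article
STEP_UP_THRESHOLD_USD = 10_000        # assumed value, not from the article
# Hypothetical event names for the setting changes the article lists.
SENSITIVE_CHANGES = {"phone_disabled", "authenticator_disabled", "password_change"}


@dataclass
class Account:
    # Most recent sensitive change as (event name, timestamp), or None.
    last_sensitive_change: Optional[Tuple[str, datetime]] = None
    last_new_device_login: Optional[datetime] = None


@dataclass
class Withdrawal:
    amount_usd: float
    to_whitelisted: bool
    when: datetime


def decide(acct: Account, w: Withdrawal) -> str:
    """Return 'deny_frozen', 'require_reverify', or 'allow'."""
    # Control 1: freeze after a new-device login OR a sensitive setting change.
    triggers = [acct.last_new_device_login]
    if acct.last_sensitive_change and acct.last_sensitive_change[0] in SENSITIVE_CHANGES:
        triggers.append(acct.last_sensitive_change[1])
    for t in triggers:
        if t is not None and timedelta(0) <= w.when - t < FREEZE:
            return "deny_frozen"
    # Control 2: amount-based step-up applies even to whitelisted addresses
    # (re-verifying every non-whitelisted address is an added assumption).
    if w.amount_usd >= STEP_UP_THRESHOLD_USD or not w.to_whitelisted:
        return "require_reverify"
    return "allow"


# Constructed scenario: authenticator disabled at T0, withdrawals attempted later.
T0 = datetime(2024, 1, 1, 9, 0)
victim = Account(last_sensitive_change=("authenticator_disabled", T0))
if __name__ == "__main__":
    for hours, amount in [(1, 500), (25, 500), (25, 50_000)]:
        w = Withdrawal(amount, True, T0 + timedelta(hours=hours))
        print(hours, amount, decide(victim, w))
```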
“These issues were discovered as a result of a quick analysis. It is evident that OKX's security settings lack basic design principles. Likely, to improve user experience, the exchange made numerous security compromises,” the report's authors emphasized.