OKX’s decentralized exchange (DEX) has suffered a loss of over $424,000 following the leak of the Proxy admin’s private key.
According to blockchain security firm SlowMist, the OKX DEX smart contract encountered an issue with the claimTokens function. This function allows a trusted DEX Proxy to transfer funds invoked by the TokenApprove contract, which had to be authorized by users.
The SlowMist team said that the Proxy Admin Owner of the OKX DEX upgraded the DEX Proxy contract with a new implementation on December 12.
This new implementation was designed to directly call the claimTokens function from the DEX contract.
While the exploit emerged from a compromise of Admin Proxy, the OKX team deactivated the DEX. The attacker entity has stolen approximately $424,000 from 18 addresses that had approved asset approval.
Another blockchain security researcher, PeckShield has claimed that this exploit has resulted in a total loss of over $2.76 million.
Also Read: Jito Identifies Multiple Sybil Attackers in Its JTO Airdrop
