{"id":14222,"date":"2024-06-10T19:52:13","date_gmt":"2024-06-10T16:52:13","guid":{"rendered":"https:\/\/forklog.com\/en\/security-flaws-uncovered-in-okx-settings\/"},"modified":"2024-06-10T19:52:13","modified_gmt":"2024-06-10T16:52:13","slug":"security-flaws-uncovered-in-okx-settings","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/security-flaws-uncovered-in-okx-settings\/","title":{"rendered":"Security Flaws Uncovered in OKX Settings"},"content":{"rendered":"<p>A swift examination of OKX users&#8217; security settings has revealed vulnerabilities that could lead to financial losses in the event of a potential attack. This research was conducted by a group of Web3 security enthusiasts.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"zh\" dir=\"ltr\">After seeing several recent OKX user security incidents, we, as ordinary users, were curious about why the attacks happened, so we spent half an hour running a quick analysis of OKX&#8217;s user security settings. The results were very surprising.<\/p>\n<p>Note: this analysis was carried out at 5 p.m. Singapore time on June 10, 2024.<\/p>\n<p>\u2014 Dilation Effect \u81a8\u80c0\u6548\u5e94 (@dilationeffect) <a href=\"https:\/\/twitter.com\/dilationeffect\/status\/1800116534133792841?ref_src=twsrc%5Etfw\">June 10, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The analysts conducted their review on June 10, 2024, spending half an hour on the task. 
During this time, they discovered that the system allows users to bypass Google Authenticator and switch to less secure verification methods (SMS, whitelisting addresses, etc.).<\/p>\n<p>User actions such as disabling phone verification, Google Authenticator, and changing passwords do not trigger a 24-hour withdrawal freeze. The restriction only activates when logging in from a new device, according to the report.<\/p>\n<p>When withdrawing assets from whitelisted addresses, dynamic checks based on the amount are not employed. Researchers cite other exchanges that set limits requiring re-verification for large withdrawals.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThese issues were identified through a quick analysis. It is evident that OKX&#8217;s security settings lack basic design. Perhaps, to enhance user experience, [the exchange] has made numerous compromises in security,\u201d the report&#8217;s authors speculated.<\/p>\n<\/blockquote>\n<p>Previously, journalist Colin Wu reported on an OKX client who lost over $2 million through AI manipulation.<\/p>\n<p>Earlier in June, <span data-descr=\"Chief Information Security Officer\" class=\"old_tooltip\">CISO<\/span> of SlowMist, known as 23pds, presented a ranking of reasons why individual and institutional investors lose their digital assets.<\/p>\n<p>The thread followed a detailed analysis of an incident where a trader lost $1 million in cryptocurrency on Binance due to a malicious Chrome browser extension, although the user blamed the exchange.<\/p>\n<p>Binance co-founder Yi He denied the platform&#8217;s responsibility for the incident. 
She noted that the hacker manipulated the trader&#8217;s device through a plugin, and the exchange team could not influence the situation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A swift examination of OKX users&#8217; security settings has revealed vulnerabilities that could lead to financial losses in the event of a potential attack. This research was conducted by a group of Web3 security enthusiasts. After seeing several recent OKX user security incidents, we, as ordinary users, were curious about why the attacks happened, so we spent half an hour running a quick analysis of OKX&#8217;s user security settings. The results were very surprising. Note: this analysis was carried out at 5 p.m. Singapore time on June 10, 2024. \u2014 Dilation Effect \u81a8\u80c0\u6548\u5e94 (@dilationeffect) June 10, 2024 The analysts conducted their review on 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14221,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1111,1291,167],"class_list":["post-14222","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity","tag-okx","tag-research"],"aioseo_notices":[],"amp_enabled":true,"views":"24","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/14222","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=14222"}],"version-history":[{"count":0,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/14222\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/14221"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=14222"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=14222"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=14222"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}