On June 9, 2024, two account holders on the OKX cryptocurrency exchange lost millions of dollars' worth of cryptocurrency to an SMS-based attack, or SIM swap attack. OKX and its security partner SlowMist have started an investigation to find the root cause of the fraud.
Yu Xian, founder of SlowMist, said in a post on X that the SMS risk notification came from Hong Kong. The attackers forged unauthorised API keys that had permissions for withdrawal and trading, and the stolen funds were siphoned off through these duplicate keys. Cross trading was suspected at first, but it has since been ruled out. The exact amount stolen has not yet been revealed; Yu Xian posted that millions of dollars of assets were taken.
Initially, the OKX exchange's two-factor authentication (2FA) system was thought to be the weak point through which the attackers entered the platform to commit the fraud. But Yu Xian, the founder of SlowMist, posted on X that he was not sure whether the 2FA system was what made the platform vulnerable.
An analysis by Dilation Effect, a Web3 security group, traces a possible path by which the fraudsters entered the platform. OKX's 2FA method allowed fraudsters to use low-security verification through SMS, through which they could whitelist wallet addresses and then attack the accounts. This is only a possibility and has not been confirmed yet.
How Does 2FA Work?
As the name suggests, 2FA is a two-step verification process intended to ensure that transactions are made to a valid address. It requires you to complete authentication at two levels to strengthen the security of transactions. The factors can be of several kinds: a knowledge factor (something you know), a possession factor (something you have), a location factor or a time factor.
The user first logs in with their credentials, such as a username and password. A one-time authentication code is then sent to their registered mobile number or email address, and they must enter this code to proceed further into the platform.
What Is A SIM Swap Attack?
A SIM swap attack is a method of fraud in which a fraudster has another person's phone number transferred to a duplicate SIM under their control and uses the OTPs sent to that SIM to log in to the user's account. A survey in the UK has shown that the incidence of SIM swap fraud there has increased by 400% in the last few years.
Fraudsters use social engineering to get the SIM details transferred into their custody. This gives them access to passwords and to details of other financial transactions. The criminals use phishing to obtain the personal details the transfer requires, such as the user's name and authorised ID number.
They use these details to obtain a duplicate SIM card from the network operator. Once the duplicate SIM is active on their device, the fraudsters receive the 2FA one-time passwords meant for the user and can use them to access the user's financial transactions and withdraw the assets in the account.
Rampant as they are, SIM swap attacks can be prevented. Do not give away personal details or bank account details over SMS or phone calls, and block calls from suspicious numbers. Take heed of fraud alerts and notifications so that malicious activity can be stopped early. Where a platform offers it, an authenticator app or hardware security key is a stronger second factor than SMS, because its codes never pass through the phone network that a SIM swap takes over.
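To make the difference between a phone-network factor and an app-based one concrete for both the 2FA section and the SIM swap section above, here is an added example; it is not code from OKX, SlowMist or Dilation Effect. It implements the RFC 6238 TOTP algorithm (a possession factor that does not travel over SMS) and a step-up policy under which an SMS code alone cannot authorise the sensitive actions named in the article, whitelisting a withdrawal address and creating an API key. The action names, risk tiers, secret and timestamp are assumptions constructed for the example.

```python
"""Added example (not OKX's or SlowMist's code): app-based TOTP as a second
factor, plus a step-up policy that refuses SMS-only verification for the
sensitive actions named in the article. All names and data are assumptions."""
import hashlib
import hmac
import struct

# Assumed risk tiers. Actions that move or expose funds require a factor that
# does not ride on the phone network, so a SIM swap alone cannot satisfy them.
HIGH_RISK_ACTIONS = {"add_withdrawal_address", "create_api_key", "withdraw"}
ACCEPTED_FACTORS = {
    "low": {"sms_otp", "totp", "hardware_key"},
    "high": {"totp", "hardware_key"},
}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, at // step, digits)


def verify_totp(secret: bytes, code: str, at: int, window: int = 1) -> bool:
    """Accept the code for the current 30 s step plus `window` steps either side
    to tolerate clock drift; compare in constant time."""
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, at + drift * 30), code):
            return True
    return False


def risk_tier(action: str) -> str:
    return "high" if action in HIGH_RISK_ACTIONS else "low"


def authorize(action: str, factor_used: str, factor_valid: bool) -> tuple:
    """Decide whether a completed second-factor check is strong enough for the
    requested action. SMS is accepted only for low-risk actions, so a code read
    from a swapped SIM never unlocks a withdrawal-address change or API key."""
    tier = risk_tier(action)
    if factor_used not in ACCEPTED_FACTORS[tier]:
        return False, f"{factor_used} is not an accepted factor for {tier}-risk action {action}"
    if not factor_valid:
        return False, "second factor failed verification"
    return True, "ok"


def demo() -> list:
    # Constructed inputs: the RFC 6238 test secret and a fixed timestamp, so the
    # run is deterministic. A real deployment stores a per-user secret.
    secret = b"12345678901234567890"
    now = 59
    code = totp(secret, now)
    results = []
    # 1. SMS OTP presented for a withdrawal-address change: denied by policy
    #    before the code is even checked.
    results.append(("sms for whitelist", authorize("add_withdrawal_address", "sms_otp", True)[0]))
    # 2. App-based TOTP for the same action: allowed when the code verifies.
    results.append(("totp for whitelist", authorize("add_withdrawal_address", "totp",
                                                    verify_totp(secret, code, now))[0]))
    # 3. A code from two steps in the future (outside the +/-1 window) fails.
    results.append(("out-of-window totp", authorize("create_api_key", "totp",
                                                    verify_totp(secret, totp(secret, now + 60), now))[0]))
    # 4. SMS remains acceptable for a low-risk action such as viewing balances.
    results.append(("sms for view", authorize("view_balance", "sms_otp", True)[0]))
    return results


if __name__ == "__main__":
    for name, allowed in demo():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

The policy check runs before the code is verified on purpose: the question is not whether the attacker has a valid SMS code (after a SIM swap they do), but whether SMS is an acceptable factor for that action at all.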
The Bottom Line
The crypto industry was subjected to many online frauds and phishing attacks in June this year. Over 23,723 phishing emails were sent by fraudsters after the data breach of CoinGecko's third-party email management platform, GetResponse.
These attempts at fraud are a warning sign of the vulnerability of the decentralised cryptocurrency marketplace. Online platforms are not free of fraud, so investors should be wary of any such attempts.