Chinese bitcoin exchange OKEx denied allegations that it was hacked and blamed recent thefts on users who did not properly secure their accounts. As reported in regional media outlets, roughly 10 customers of OKEx and OKCoin -- both owned and operated by the same company…
Chinese bitcoin exchange OKEx denied allegations that it was hacked and blamed recent thefts on users who did not properly secure their accounts.
As reported in regional media outlets, roughly 10 customers of OKEx and OKCoin — both owned and operated by the same company — allege that more than 600 BTC (worth close to $3 million at the time of the theft) — was stolen from their collective accounts in late August. One of those users claims to have lost more than 200 BTC, and several say that their accounts were accessed from German IP addresses.
According to at least one report, the local police are refusing to investigate the incident because bitcoin trading has been banned within the country as part of the country’s crackdown on initial coin offerings, although a few exchanges continue to operate temporarily with the consent of the government.
The alleged incidents occurred more than a month ago, but the Chinese bitcoin exchange is just now publicly commenting on the matter. Lennix Lai, financial market director for OKEx and OKCoin, tweeted that OKEx was not hacked and that “all client assets are safe and sound.”
Moreover, the company published a statement stressing that the incident affected only a few isolated users, not the entire trading platform. The statement attributed the thefts to users who did not properly secure their accounts. Specifically, it implied that the affected users did not have two-factor authentication (2FA) enabled, meaning that their passwords could have been compromised in any number of ways.
It’s important to note that 2FA should be accomplished by linking an authenticator application to your sensitive accounts, not by receiving SMS text messages with one-time use codes. As has been pointed out numerous times, SMS 2FA is insecure because it is often very easy for an attacker to hijack your cell phone number and intercept your text messages.
This unfortunate incident should also serve as a reminder that cryptocurrency holders — especially those who possess a significant amount of funds — should keep the vast majority of their coins and tokens in secure wallets, ideally hardware wallets such as a Trezor or Ledger Nano S.
Featured image from Shutterstock.
Last modified: January 24, 2020 11:33 PM UTC