Blockchain security firm, CertiK has urged OKX users on IOS devices to update the software to the latest version after it identified a vulnerability with the potential of causing data and asset losses.
In a post on X (formerly Twitter), the firm informed users of the discovery urging them to make the update immediately to avoid being victims of a potential security breach.
🚨 Attention! We urge users of OKX wallets to update their iOS app to the latest version immediately. Earlier this month, we identified and reported a critical Remote Code Execution (RCE) vulnerability in the OKX iOS App, leading to potential compromise of sensitive data and…
— CertiK (@CertiK) December 19, 2023
“Earlier this month, we identified and reported a critical Remote Code Execution (RCE) vulnerability in the OKX iOS App, leading to potential compromise of sensitive data and crypto assets.”
The post also mentioned that the OKX team acted swiftly on the information and released an updated version today.
OKX responds, no assets were lost
The digital asset exchange thanked the security firm for the update adding that the upgrade has been completed and this is no longer an issue.
“We’ve completed the relevant upgrade & this is no longer an issue. We have verified that this did not impact any customer assets.”
OKX revealed that user assets were not impacted by the incident and all issues were fixed with a new IOS version 6.45.0 also urging users to update to the current software.
The bright side is the entire community’s participation to detect potential lapses in the system which has been long advocated by experts. The nature of virtual assets and platforms can require wider participation and incentivized updates to the team.
Over the years, tips from community members have blocked certain glitches and loopholes in decentralized applications (dApps) saving user assets and improving on-chain governance.
Bad actors deploy more techniques
A remote code execution vulnerability like the one identified by CertK allows a bad actor to execute malicious codes on a database which consists of a malware execution or a negative component taking full control of the system.
This potential can result in massive data breaches and loss of assets if an arbitrary code runs on the system and leads to a crash. Bad actors have deployed several techniques to steal user assets leading to warnings of periodic checks by security experts.
In recent months, the market has recorded multiple hacks and bridge attacks resulting in the loss of user assets worth millions and calls for tighter regulations by authorities.
Last week, OKX DEX suffered an attack that drained $2.7 million worth of cryptocurrencies after the private key of an admin was compromised allowing hackers access.
🚨SlowMist Security Alert: OKX DEX Proxy Admin Owner’s Private Key Suspected to be Leaked🚨
According to information from SlowMist Zone, the OKX DEX contract appears to have encountered an issue. After SlowMist’s analysis, it was found that when users exchange, they authorize…
— SlowMist (@SlowMist_Team) December 13, 2023
Onchain analytics firm, Scopescan posted on the incident on X, “The old abandoned MM contract was attacked, and the attack has been located and stopped. The losses of the users involved will be fully borne.” Exploiters transferred funds from addresses that approved assets to the DEX contract.”
Credit: Source link