Sophisticated deepfake AI hack nets over $2m in stolen funds from OKX user

Fraudsters stole $2 million worth of cryptocurrency from a customer of crypto exchange OKX.

According to WuBlock, attackers “bought” the credentials of Lai Japon Fang Chang. The information was allegedly leaked due to the Telegram data breach.

Using these sensitive details, the fraudsters accessed Chang’s OKX account. They then took control of the account using the “I forgot my password” option.

Bad actors assumed Chang’s identity and proceeded to change all of his security settings; They even went so far as to use a deepfake video that managed to manipulate the victim’s email ID, phone number, and even Google authentication settings.

Within 24 hours of the user being alerted to the change, his account lost over $2 million in various crypto assets.

According to Wu, OKX responded by admitting that the user’s account had been stolen. The platform is currently helping the victim recover their account.

It was also reported that the company took legal action against the attackers.

In this environment, an X user recalled a previous attack on the OKX wallet and the victim lost 50,000 Trc-20 USDT.

前不久,我的一位朋友在使用OKX钱包时遭遇页面劫持被盗5万USDT(波场TRC20)。

OKX钱包的“补充GAS”替换成“更新波场账户所有者权限”,在用户界面无感知的情况下骗取授权，进而控制受害者的波场账户实现盗币。… pic.twitter.com/kXauBBBd0T

— NingNing (🌿,👻) (@0xNing0x) June 4, 2024

These attacks were preceded by a $430,000 exploit on OKX Dex. At the time, security firm SlowMist reported on the alleged leak of the OKX DEX proxy manager owner’s private key.

The leak allowed hackers to take control of the protocol and modify it with malicious functions. This allowed them to steal money from users who gave the protocol permission to interact with their wallets.

OKX was forced to cancel contract permits to prevent further damage.

Centralized cryptocurrency exchanges have become a common target of attackers.

Last week, Japanese crypto exchange DMM Bitcoin was hacked for $305 million. Before this, Estonia-based crypto exchange CoinsPaid was hacked for more than $7 million.

With the introduction of AI-powered tools, hackers now have a powerful weapon in their arsenal. Deepfake videos are used to deceive market participants.

As such, there are industry-wide concerns about the ethical implications of using AI.