International Business Times
Nica Osorio

OKX Wallet Users Alerted To Update App Due To A Critical Vulnerability

Blockchain security firm Certik issued a high-risk alert to OKX Wallet users, especially those on iOS, advising them to promptly update the app. This urgent action was prompted by the discovery of a critical vulnerability in the application's previous version.

The warning was issued by Certik's SkyFall team, which identified and reported the critical vulnerability, known as Remote Code Execution, to OKX, a global cryptocurrency exchange platform, earlier this month.

"Attention! We urge users of OKX wallets to update their iOS app to the latest version immediately. Earlier this month, we identified and reported a critical Remote Code Execution (RCE) vulnerability in the OKX iOS App, leading to a potential compromise of sensitive data and crypto assets. The OKX team responded swiftly and issued an updated version today," Certik's tweet read.

This vulnerability, when exploited, allows malicious actors to gain full control over the OKX iOS App. Such control could compromise sensitive data and crypto assets, posing a significant threat to the security of OKX users.

In response to Certik's findings, the exchange promptly acted on the information and released a new version of the iOS app on Tuesday, addressing the critical vulnerability. Users were strongly urged to immediately update the app.

The exchange also reassured users that no customers' assets had been compromised by the vulnerability, even before the fix was deployed.

"We've completed the relevant upgrade & this is no longer an issue. We have verified that this did not impact any customer assets," OKX said. "The fix has been deployed to iOS version 6.45.0 & we recommend you update the app ASAP."

This year, several crypto wallets and centralized exchanges were targeted by malicious actors, with Atomic Wallet losing around $35 million worth of Bitcoin, Ether and other tokens in June after an update to a new version.

Last month, crypto exchange Poloniex suffered a $114 million heist, which was followed by a $100 million attack on HTX and the cross-chain bridge Heco.

Just last week, malicious actors conducted a supply chain attack on Ledger's Connect Kit, affecting several decentralized apps (dApps) and impacting the entire Ethereum Virtual Machine (EVM) ecosystem.

The attackers targeted Ledger's connector library, which is designed to facilitate communication between physical wallets and multiple decentralized apps, and siphoned over $600,000 in funds.

After Ledger confirmed the attack and deployed an update to fix the compromised library, wallet provider Metamask claimed that it had also been affected by the incident.

Apart from Ledger and Metamask, several other protocols, including Zapper, SushiSwap, Phantom, Balancer and Revoke.cash, were impacted by the Ledger security incident.
