A customer of the crypto exchange OKX fell victim to scammers who managed to steal $2 million in cryptocurrency assets. WuBlock reported that the scammers obtained the identity information of Lai Japanese Fang Chang through a Telegram data breach.
Using this sensitive information, the scammers were able to access Chang’s OKX account and take control by exploiting the “forgotten password” option. By assuming Chang’s identity, the scammers changed all security settings, including using a deepfake video to alter his email ID, phone number, and Google authenticator settings.
Within 24 hours of the user being notified of the changes, over $2 million worth of various crypto assets were lost from the account. OKX has acknowledged the theft and is assisting the victim in recovering the account. Legal action has also been taken against the attackers.
This incident follows a previous attack on an OKX wallet where a victim lost 50,000 Trc-20 USDT and a $430,000 exploit on OKX Dex. Security firm SlowMist had reported that the OKX DEX proxy admin owner’s private key was leaked, allowing hackers to gain control of the protocol and steal funds from users.
Centralized cryptocurrency exchanges continue to be targeted by attackers, with recent hacks on Japanese crypto exchange DMM Bitcoin for $305 million and Estonia-based exchange CoinsPaid for over $7 million. The rise of AI-powered tools has given hackers new capabilities, including the use of deepfake videos to deceive market participants.
Concerns have been raised across the industry regarding the ethical implications of AI use in these types of attacks. OKX Jumpstart recently introduced a BTC staking option for mining Runecoin, providing users with a new way to engage with the platform.