A Major Crypto Exchange Is Facing Account Takeover Attack Using Credential Stuffing
The success of cryptocurrency exchanges in recent years has made them especially attractive to cybercriminals. Recent attacks are targeting a major crypto exchange with credential stuffing attempts.
The attacked exchange is believed to be OKEx, which is currently the world’s 5th largest crypto marketplace by trade volume, according to some Chinese crypto investors. China-based blockchain security service provider JohnWick Security Lab also confirmed that.
The incident was first revealed on the evening of Mar. 14 by some OKEx users, who took to 8btc Forum (the earliest and largest crypto community in China), claiming that a major crypto exchange was experiencing a credential stuffing attack that had resulted in some users’ coins being stolen.
Credential stuffing is a cybercrime technique in which an attacker uses automated scripts to try each credential in a list against a target website. It works because the majority of users reuse the same credentials on multiple accounts. It is allegedly the #1 cause of account takeover.
The attack is believed to have been concentrated on Mar. 14. The 314 (Mar. 14) email remote login has topped the FAQs of OKEx customer service, with an auto-reply reading:
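To make the pattern concrete from the defender's side, the following added example (not code from OKEx, JohnWick Security Lab or the original article) separates credential stuffing from single-account brute forcing in login events and lists the accounts that need freezing. The event data, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (source_ip, account, login_succeeded) events from one
# 10-minute window. IPs are documentation ranges; account names are made up.
EVENTS = (
    [("203.0.113.7", f"user{i:02d}", i == 5) for i in range(1, 9)]  # many accounts, one try each
    + [("198.51.100.20", "alice", False)] * 10                       # one account, many tries
    + [("192.0.2.33", "bob", False), ("192.0.2.33", "bob", True)]    # a user mistyping once
)

def classify_sources(events, min_accounts=5, max_tries_per_account=2,
                     brute_force_tries=8, min_fail_ratio=0.8):
    """Label each source IP as 'credential_stuffing', 'brute_force' or 'normal'.
    Thresholds are illustrative assumptions, not values from the article."""
    per_ip = defaultdict(lambda: defaultdict(list))
    for ip, account, ok in events:
        per_ip[ip][account].append(ok)

    verdicts = {}
    for ip, accounts in per_ip.items():
        outcomes = [ok for tries in accounts.values() for ok in tries]
        fail_ratio = outcomes.count(False) / len(outcomes)
        most_tries = max(len(tries) for tries in accounts.values())
        if fail_ratio < min_fail_ratio:
            verdicts[ip] = "normal"
        elif len(accounts) >= min_accounts and most_tries <= max_tries_per_account:
            # Wide and shallow: each account is tried once or twice with a
            # reused password, so per-account lockout never triggers.
            verdicts[ip] = "credential_stuffing"
        elif most_tries >= brute_force_tries:
            # Narrow and deep: many guesses against the same account.
            verdicts[ip] = "brute_force"
        else:
            verdicts[ip] = "normal"
    return verdicts

def accounts_to_freeze(events, verdicts):
    """Accounts with a successful login from a stuffing source: the password
    worked, so these need a freeze and forced reset, not just a warning."""
    return sorted({acct for ip, acct, ok in events
                   if ok and verdicts.get(ip) == "credential_stuffing"})

if __name__ == "__main__":
    verdicts = classify_sources(EVENTS)
    print(verdicts)
    print("freeze:", accounts_to_freeze(EVENTS, verdicts))
```

Keying on source IP alone misses attempts spread across many addresses; the same counting can be keyed on network, user agent or device fingerprint.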
The platform has detected that someone is attempting to brute force the security information of your account. We suggest you reset the account login password and bind Google authenticator to ensure the security of your account; at the same time, you’d better avoid reusing the same credentials on other websites.
It is difficult to know how many users’ accounts have been compromised or what their losses are. OKEx has frozen suspicious accounts, and many users claim they withdrew their cryptos to wallets in time when they received suspicious emails.
As cryptocurrencies grow in value, the threats crypto exchanges face continue to grow. Though the hackers are responsible for the incident, some users blame the exchange for leaving its users susceptible to attacks and not building a secure enough environment to fend off threats. According to JohnWick Security, the exchange was warned by some whitehat hackers last September of a data breach vulnerability, but it seemingly made no response and took no measures.
OKEx seems to be particularly targeted by hackers these days. It is likely suffering a phishing attack, with a popup warning users of phishing scams once they log in to the website. The exchange, the world’s 5th largest by trade volume, allegedly serves more than 20 million customers in over 100 countries with language support in Chinese, English, Spanish, French, Russian, Vietnamese and Thai.