CertiK urges immediate iOS update for OKX users amidst major security risk

December 20, 2023 at 10:17 am

News

CertiK urges immediate iOS update for OKX users amidst major security risk

Blockchain security company CertiK has issued an urgent update to OKX wallet users on iPhone following the discovery of a major security vulnerability in the iOS application.

In a post dated Dec. 19 on X, CertiK urgently advised OKX wallet users on iPhones to upgrade their app to the latest version. The security flaw identified in the OKX iOS application posed a risk of compromising sensitive user data and cryptocurrency assets.

https://twitter.com/CertiK/status/1737110916699959433

Earlier this month, Certik identified and reported a critical Remote Code Execution (RCE) vulnerability in the OKX iOS App, “leading to potential compromise of sensitive data and crypto assets,” the blockchain security firm added.

In response, OKX released an update to their iOS application, version 6.45.0, on Dec. 19, addressing this vulnerability. CertiK later confirmed that the security issue had been resolved and stated that no customer assets were affected by this vulnerability.

Thanks @Certik for the note.

We've completed the relevant upgrade & this is no longer an issue. We have verified that this did not impact any customer assets.

The fix has been deployed to iOS version 6.45.0 & we recommend you update the app asap. pic.twitter.com/5HfOnATPeu
— OKX (@okx) December 19, 2023

Quick disclosure sparks debate

However, this incident has raised concerns about the disclosure of such vulnerabilities. MetaMask lead Tay Monahan expressed criticism over the timing of the vulnerability’s disclosure, suggesting that revealing the issue on the same day as the release of the fix could leave many users at risk.

https://twitter.com/tayvano_/status/1737143247980605531

Monahan highlighted the time it typically takes for a user base to update to the latest version of an app, which could range from weeks to months.

Adding to the confusion, there was some discrepancy in the version number of the update containing the fix. While CertiK referred to the updated version as 6.46.0, OKX mentioned version 6.45.0, which was actually released on Dec. 11. The exact version containing the necessary security fix remains unclear.

This incident underscores the vulnerability of cryptocurrency wallets and exchanges to cyber attacks. Recent months have seen a surge in such incidents, including a $114 million theft from Poloniex in November, a $100 million heist involving HTX and the Heco cross-chain bridge, and a $35 million loss by Atomic wallet users in June following an iOS app update.

Hackers’ continuous targeting of these platforms highlights the critical need for robust security measures in the cryptocurrency industry.