Leading cryptocurrency platform OKX has implemented extensive application programming interface (API) key security protection measures to increase user safety against external threats.
OKX introduces auto expiry and third-party whitelist
Seychelles-based crypto exchange OKX has announced a gamut of security features that it hopes will boost the protection of its users against bad actors.
In a press statement released on Jan.4, the company announced it would be instituting several security measures centered on API keys, including an auto-expiry feature that automatically terminates API keys with trade and withdrawal permissions that have been inactive for 14 days.
The crypto exchange has also introduced a third-party whitelist that enables users of the platform to link their IP addresses to working third-party networks and guarantees that transactions come from the platforms on the whitelist.
Additionally, the OKX digital architecture will now feature a fast API called Fast Connect, enabling customers to quickly authorize brokers to access, produce, and bind API keys automatically with only one click, adding additional security to the API key binding procedure.
Finally, the press release stated that the new features would include a “risk engine” that will track and alert users to suspicious transactions, allowing OKX to lock down specific accounts to prevent loss.
Growing concern for API key security
OKX’s Chief Marketing Officer Haider Rafique described the new security protection features as the most comprehensive in the crypto sector and expressed hope that users can now leverage the platform without fear.
“Our API safety measures are among the most comprehensive on the market. Traders can use our platform confidently with the knowledge that API keys are protected with multiple layers of security.”Haider Rafique, OKX’s Chief Marketing Officer.
The crypto exchange’s move comes in the wake of growing concerns regarding the security of API keys after hackers accessed more than 100,000 API keys belonging to users of the 3Commas crypto trading tool, resulting in losses running into millions of dollars worth of digital assets.
According to 3Commas, the keys traders used to transact on exchanges like Binance and KuCoin did not originate from 3Commas but from an unnamed malicious platform.
However, the hackers claimed the keys were sold to them by someone inside the company. This claim was strongly refuted by 3Commas CEO Yuriy Sorokin, who insisted there was no evidence of an inside job in the saga.
OKX expressed support for 3Commas following API key hack
In the aftermath of the incident, OKX took to Twitter to support 3Commas and announce a raft of measures it was putting in place to protect its customers from similar attacks.
The measures OKX instituted following the 3Commas hack included transaction monitoring and refreshing API keys for all users impacted by the attack. The new features from OKEX are meant to bolster those earlier measures to enhance the platform’s security.