Sophisticated deepfake AI hack nets over $2m in stolen funds from OKX user
Scammers have stolen $2 million worth of cryptocurrency assets from a customer of the crypto exchange OKX.
According to WuBlock, the attackers “purchased” the identity information of Lai Japanese Fang Chang. The information was allegedly leaked in a Telegram data breach.
Using these sensitive details, the scammers accessed Chang’s OKX account. They then proceeded to take the account under their control using the “forgotten password” option.
By assuming Chang’s identity, the bad actors proceeded to change all his security settings, even going so far as to employ a deepfake video of the victim that managed to alter his email ID, phone number, and even his Google authenticator settings.
Within 24 hours following the user being alerted of the change, his account lost over $2 million worth of various crypto assets.
According to Wu, OKX has responded by acknowledging that the user’s account has been stolen. The platform is currently helping the victim recover his account.
Reportedly, the firm has also taken legal action against the attackers.
Amidst this backdrop, an X user recalled an earlier attack on an OKX wallet, with the victim losing 50,000 Trc-20 USDT.
These attacks were preceded by a $430,000 exploit on OKX Dex. Back then, security firm SlowMist had reported that the OKX DEX proxy admin owner’s private key had allegedly leaked.
The leak resulted in hackers gaining control of the protocol and allowed them to alter it with malicious functions. This allowed them to steal funds from users who had given the protocol permission to interact with their wallets.
OKX had to revoke contract permissions to prevent further damage.
Centralized cryptocurrency exchanges have been a common target for attackers.
Last week, Japanese crypto exchange DMM Bitcoin was hacked for $305 million. Prior to that, Estonia-based crypto exchange CoinsPaid was hacked for over $7 million.
With the onset of AI-powered tools, hackers now have a powerful weapon in their arsenal. Deepfake videos are being employed to dupe market participants.
As such, there have been industry-wide concerns over the ethical implications of AI use.