Reports from crypto media outlet Wu Blockchain reveal that an OKX user suffered a significant loss of over $2 million in a sophisticated deepfake scam facilitated by artificial intelligence (AI). The perpetrators, armed with Lai J. Fang Chang’s personal data acquired via Telegram, exploited this information to craft a convincing video application through AI manipulation, altering mobile phone numbers.
The fraudulent video, convincingly depicting Chang, managed to deceive OKX platform staff into authorizing crucial changes to Chang’s account, including password resets, email address modifications, and Google Authenticator device alterations. Shockingly, this scheme successfully circumvented all two-factor authentication safeguards, enabling the attackers to swiftly withdraw all of Chang’s cryptocurrency holdings to wallet accounts under their control.
Amidst the aftermath, OKX revealed that the attackers procured the personal information of only “very few” users through forged “judicial documents.” However, the exchange reassured users of taking swift action, compensating those affected by the breach. Furthermore, blockchain security firm SlowMist noted similarities between this incident and others, indicating a potential pattern of exploitation within the platform’s security infrastructure.
Dilation Effect, a prominent web3 security group, pointed out a security loophole within OKX’s system that allegedly allowed attackers to disable Google Authentication or mobile phone verification without triggering a standard 24-hour withdrawal halt. While OKX clarified that the incident was unrelated to the choice of authentication method, the exchange remains committed to bolstering its security measures to prevent future breaches. Despite the severity of the scam, affected users received full compensation from OKX, highlighting the platform’s dedication to mitigating the impact of such malicious attacks on its community.
