OKX Swiftly Addresses Critical Security Flaw in its iOS App After CertiK’s Warning

Prominent blockchain security company – CertiK – issued a warning to OKX users to update their iOS app to the latest version after detecting a vulnerability in it.

According to the update posted on X (formerly Twitter), CertiK first discovered and reported a severe Remote Code Execution (RCE) vulnerability in the OKX iOS App earlier this month.

Using the outdated version posed a risk of “potential compromise of sensitive data and crypto assets,” the firm noted while adding that OKX promptly addressed the issue by releasing an updated version.

“For anyone in doubt of the impact of the risk, we have hard evidence showing that – the vulnerability allows an attacker to fully control the OKX iOS App. You are at high risk of losing your assets if you insist on using an older version.”

OKX Resolves Vulnerability in New Update

While addressing the vulnerability in its iOS wallet app flagged by CertiK, OKX confirmed carrying out the relevant update to fix it.

On its Chinese social media page, the crypto exchange said the bug impacted a third-party application service provider and assured users that no assets were lost.

OKX asserted that the bug did not pose a threat to the security of user assets while urging users to promptly update their iOS app to version 6.45.0, where the vulnerability has been successfully resolved.

“After verification by the platform, no loss of assets or information was found. Currently, this problem has been fixed in IOS version 6.45.0. It is recommended that you complete the APP update as soon as possible. Please rest assured that the security of your assets will not be affected.”

Bad Actors at Play

The vulnerability identified by CertiK in the OKX wallet did not result in any funds being stolen from users, as it was swiftly addressed. However, such incidents are quite rare, as seen in the rising trend of hackers targeting crypto wallets and exchanges in recent months.

As reported earlier, bad actors stole nearly $363 million worth of digital assets in November alone, with Poloniex leading the list with a $114 million loss, followed by a $100 million theft at HTX (formerly Huobi) and cross-chain bridge Heco.

Zooming out, the crypto industry experienced a decline in the volume of hacks in 2023, witnessing a reduction of over 50% compared to the previous year, according to a report by TRM Labs.

The research highlighted that improved security measures, law enforcement actions, and greater industry coordination with exchanges, wallet providers, and blockchain networks have all contributed to the decline in hack volumes.