A Chinese Bitcoin trading exchange has denied rumors that it suffered a hacking attack after its users lost a total of $2.5 million in Bitcoins to unknown actors.
On 4 October 2017, OKex, a cryptocurrency exchange which functions as part of the Chinese Bitcoin company OKcoin, acknowledged that several of its users have experienced “abnormal logins” to their accounts in recent months.
For instance, one user spotted someone logging into their account using a Germany-based IP back in August 2017. That unknown hacker sold all the user’s Bitcoins and canceled all pending orders within an hour, reports HackRead. In so doing, they cost the affected user 200 Bitcoins, or around US $850,000 according to current exchange rates.
Other OKex users have reported similar unauthorized sales of their Bitcoins since then. In total, they’ve lost 600 Bitcoins, which is currently worth about US $2.5 million.
Even so, the Chinese Bitcoin trading exchange isn’t taking responsibility for what happened. Just look at what Lennix Lai, financial market director at OKex and OKcoin, has to say about these instances of theft:
#okex was NOT hacked. All client assets are safe and sound.
— Lennix Lai (OKEx) (@LennixOkex) October 2, 2017
Okay, so what’s OKex’s explanation?
As it reveals in its statement, the Bitcoin trading exchange suspects the hacks occurred because users used passwords that were too simple, didn’t store their passwords securely, logged into their account using a malware-infected computer, or reused the password for another web service that might have suffered a breach.
OKex is therefore urging users to enable two-step verification (2SV) on their accounts by installing the Google Authenticator app onto their mobile devices.
No. OKEx was NOT being hacked. Yet several users got password stolen. That's why we issued a reminder for all uses to properly protect their password and a guideline on google 2FA. https://t.co/L5Rv9mkHuT
— OKEx (@OKEx) October 2, 2017
It’s unclear how many OKex users lost Bitcoins to hackers in recent months. As a result, it’s difficult to determine whether the hacking instances were part of a larger campaign targeting the exchange.
They very well could have been. After all, other cryptocurrency platforms have suffered similar thefts since the summer of 2017. It’s not impossible that hackers set their sights on OKex as a whole.
Unfortunately, their decision to do so doesn’t bode well for users wishing to recover their lost funds. OKex hasn’t said anything about working with users to return their stolen Bitcoins. And as most of the world knows by now, the People’s Bank of China declared initial coin offerings illegal in the beginning of September, which means Chinese law enforcement won’t likely get involved.
In the cryptocurrency world, so much rests with each trading platform. Users should therefore do their research and think very carefully before enrolling with a specific service. If they do choose a platform, they need to remember that Bitcoin and other cryptocurrencies aren’t generally insured by entities like the FDIC, and if they are, they are usually covered for up to only a certain amount. That means any sizable losses could likely fall squarely on their shoulders.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.