OKX urges critical update after wallet bug disclosed

cyptouser9 months agoCryptocurrencies News249

Cryptocurrency exchange OKX and blockchain security firm CertiK have disclosed a critical vulnerability in OKX’s iOS wallet, triggering immediate calls for users to update their apps.

The Dec. 19 announcement has sparked controversy over the timing of the disclosure, as concerns rise about the potential compromise of user data and crypto assets.

CertiK posted to Twitter/X:

“Attention! We urge users of OKX wallets to update their iOS app to the latest version immediately. Earlier this month, we identified and reported a critical Remote Code Execution (RCE) vulnerability in the OKX iOS App, leading to potential compromise of sensitive data and crypto assets.“

In a separate announcement, OKX confirmed that it had deployed an update that resolved the issue. It asserted that the bug had not affected customer funds.

The issue appears unrelated to an earlier attack on OKX’s decentralized exchange (DEX) aggregator, which led to $2.7 million in losses around Dec. 12.

Quick disclosure attracts controversy

CertiK’s quick disclosure was criticized by MetaMask lead Tay Monahan, who noted the risk of disclosing an issue on the day of the fix’s release. She wrote:

“Wait wait wait wait hold up … How long does it take [OKX’s] user base to get majority updated historically? Like, it takes time to roll out updates. Like weeks, months. And yet you’re disclosing there’s a [vulnerability] that could rekt all users remotely THE DAY OF?”

There is additionally a lack of clarity around the date of the patch’s release. Whereas CertiK said that the relevant update was deployed in an update today (which the iOS App Store identifies as version 6.46.0), OKX said that the update was deployed in version 6.45.0 (which was released on Dec. 11). Details in the App Store store do not indicate which update actually contains the fix.

Regardless, the bug has been disclosed no more than eight days after the fix’s release, leaving users who do not immediately update at risk.

The content on this website comes from the Internet. Due to the inconvenience of proofreading the authenticity and accuracy of the copyright or content of some content, it may be temporarily impossible to confirm the authenticity and accuracy of the copyright or content. For copyright issues or other issues caused by this, please Call or email this site. It will be deleted or changed immediately after verification.

related articles

SEC partisan divide could alter Bitcoin ETF approval odds, former SEC attorney predicted

According to former SEC attorney John Reed Stark the current SEC, under the chairmanship o...

Binance France changes ownership following regulator warning

Binance France changes ownership following regulator warning

55966e89˃Binance France has new shareholders who own 100% of the company equally between them. The m...

MicroStrategy's Michael Saylor cites spot Bitcoin ETF applications, upcoming halving as bullish signals

Michael Saylor, founder and executive chairman of MicroStrategy, discussed his company’s Bitco...

Binance executive remains detained as Nigerian court postpones case

Crypto exchange Binance, currently facing criminal charges in Nigeria, notably lacked legal represen...

ARK and 21Shares drop staking plans from Ethereum ETF proposal

55966e89˃ARK Invest and 21Shares removed their staking plans from their updated spot Ethereum ETF pr...

Argentina legalizes Bitcoin for contract settlements

Argentina’s new government has officially legalized the use of Bitcoin and other cryptocurrencies fo...