How to Identify and Handle Phishing Websites on OKX
Phishing websites fake the domain, not the page content — if the URL differs by just one letter but the page looks identical, it's a phishing site.The only reliable way to identify a phishing website: ignore what the page looks like, and check whether the URL iswww.okx.com.Handling is even simpler: close the page and do not enter anything.
A leading global cryptocurrency platform,suitable for both beginners and experienced traders.
New user benefit: 20% off trading fees upon registration!!
1. Identification: Three Common Scenarios Where You Can Be Tricked
Check the domain, don't trust the content.Phishing websites often copy OKX's color scheme, logo, and layout, or even directly steal the official page code — visually, they are indistinguishable. But the URL gives them away. They may use similar-looking domains likewww.okx.com.xyz,www.0kx.com, orwww.okx-login.com. Remember one rule:The official OKX website is onlywww.okx.com. Any extra character, missing character, or changed letter means it's fake.
Don't search for "OKX" on a search engine and click the result.Many phishing sites buy pay-per-click ads, so the top results may all be fake. The safest approach:manually typewww.okx.cominto your browser's address bar, then bookmark it and always access it via your bookmark.
Official emails include an anti-phishing code; fake ones do not.This is a filtering method recommended by OKX. Go to [Security Center] and set a unique "anti-phishing code." After that, every official email from OKX will include this code. If the email body does not contain your code, treat it as a phishing email and do not click any links.
A leading global cryptocurrency platform,suitable for both beginners and experienced traders.
New user benefit: 20% off trading fees upon registration!!
2. Handling: What to Do If You Enter a Phishing Website
Two steps:first check your account, then report it to the official team.
Step 1: Check and reset security settings.If you entered your account password or other information on the page, immediately:
Change your login password (do not use a variation of your old password for the new one).
Check if Google Authenticator is still bound to your phone; if anything seems off, reset it immediately.
Review your API key list and delete any keys you did not create.
Check "Device Management" and remove any unrecognized login sessions.
If you authorized a wallet (Web3 wallet) on the phishing site, immediately use the OKX Web3 wallet's "Authorization Management" feature to revoke all high-risk authorizations.
Step 2: Report to the official team.In the app, go to [Profile] → [Security Settings] → [Report Fraud or Suspicious Activity] → fill out the report. When describing, try to provide: time of the incident, amount involved, suspicious transaction records, and relevant screenshots. The platform will keep this information confidential.
If you find that your assets have already been transferred, follow the "Account Compromised" procedure — first transfer any remaining assets, then contact customer service to freeze the account, and finally file a police report.
FAQ
I clicked a phishing link but didn't enter any information. Is there any risk?Simply opening the link without downloading any files, entering information, or authorizing a wallet carries low risk. However, phishing sites may exploit browser vulnerabilities to inject tracking scripts. It is recommended to clear your browser cache and cookies, then restart the browser.
A phishing site asked me to "verify my wallet." What are the risks of this authorization?If you authorize a malicious contract, hackers can transfer tokens from your wallet. Such authorizations often appear as Approve, Permit, Permit2, etc. After you sign, hackers can directly transfer your assets. To handle this, go to the authorization management page in your OKX Web3 wallet and revoke all authorizations you did not actively use.
I entered my phone verification code on a phishing site. What will happen?The phone verification code is usually the last line of defense for logging in, withdrawing funds, or changing security settings. Once hackers obtain it, they can reset your security settings. Immediately change your login password and fund password, and check the binding status of Google Authenticator. If you notice anything unusual, contact customer service immediately to freeze your account.
Identifying phishing websites doesn't require technical skills. The core principle is one sentence:Only trustwww.okx.comas the official URL; do not click any links from unknown sources.Set up your anti-phishing code, and every time you receive an email, check if it contains your code — these two habits will filter out 99% of phishing risks.
