Has OKX Ever Been Hacked? Security History

 / 
OKX
 / 
2

OKXhas experienced multiple security incidents throughout its history, involving user account theft, compliance fines, and third-party service-related risks.The most notable events are the series of user thefts in June 2024 and the massive fine in February 2025. The exchange has officially pledged full compensation for user asset losses caused by its own platform issues.

OKX Exchange
A leading global cryptocurrency platform,suitable for both beginners and experienced traders.
New user benefit: 20% off trading fees upon registration!!

🛡️ 1. Account Security Incident: June 2024 User Theft Wave

This was a widespread security incident in recent times. In early June 2024, multiple OKX users reported asset theft from their accounts, withone prominent community member claiming losses of over $2 million within 24 hours.

Event Characteristics and Cause Analysis:

  • Hacker Method: Fraudsters purchased users' personal data and used AI-generated videos to apply for changes to phone numbers, email addresses, and even Google Authenticator, bypassing security verification.

  • Security Controversy: Research institutions noted that OKX's security settings allowed "Google Authenticator (GA) to be switched to lower-security SMS verification," enabling security measures to be circumvented.

  • Whitelist Mechanism: Withdrawals to whitelist addresses did not require dynamic verification based on limits; once an address was added to the whitelist, funds could be withdrawn directly within the set limit.

OKX's Response and Handling:

  • Full Compensation: OKX founder Star Xu publicly stated, "For customer asset losses caused by OKX's own issues, OKX will, as always, take full responsibility." Multiple affected users later confirmed they received full compensation.

  • Incident Classification: After an official investigation, it was confirmed that someoneforged judicial investigation documents to obtain information on a very small number of customers. OKX has optimized its judicial cooperation process, introduced verification mechanisms, and upgraded AI facial recognition security levels.

  • Feature Upgrades: In subsequent app versions, withdrawal SMS verification codes were removed and replaced with dual verification via email and authenticator.

⚖️ 2. Compliance Fine: $500 Million Settlement in 2025

In February 2025, OKX's Seychelles subsidiary reached a settlement with the U.S. Department of Justice,agreeing to pay an $84 million fine and forfeit approximately $421 million in revenue, totaling over $500 million.

Violations:OKX admitted that due to historical compliance control deficiencies, itprovided trading services to approximately 32,000 U.S. customersbetween 2018 and 2023, involving $4.21 billion in funds, without obtaining a money transmission license in the U.S.

Impact:OKX Seychelles mustpermanently exit the U.S. marketand undergo independent compliance monitoring for three years. This settlement prompted OKX to comprehensively strengthen its compliance systems, including KYC and anti-money laundering measures.

💻 3. Latest Event in 2026: DEX Aggregator Service Suspended for Compliance

In March 2026, OKX announced theproactive suspension of its DEX aggregator service in the Web3 walletto cooperate with regulatory security upgrades.

Background: Bybit had previously been hacked, with 14.6 billion ETH stolen. Bybit indicated that the hackers used OKX's Web3 platform to launder approximately $100 million in stolen funds. Although OKX's founder emphasized that the DEX is merely a decentralized tool and does not custody user assets,EU regulators intervened in the review, and OKX chose to cooperate by suspending the service.

⚠️ 4. Third-Party Security Risk Events (Not Directly OKX's Responsibility)

In 2025, a user experienced a security vulnerability while using thePhantom wallet, resulting in the theft of approximately $500,000 in assets. The lawsuit alleged that OKX participated in the liquidation of the stolen assets,but the incident primarily involved security design flaws in the wallet service provider itself, with OKX being implicated as a clearing channel.

OKX Exchange
A leading global cryptocurrency platform,suitable for both beginners and experienced traders.
New user benefit: 20% off trading fees upon registration!!

💰 5. Overall Platform Protection Capabilities

OKX officially disclosed thatin 2025, its risk control system helped users recover over $500 million in losses, intercepted over 70 million risk-related messages, and achieved an average black address tracking response time of just 3 seconds. The platform has established a multi-layered security protection system, including malicious DApp detection, device security scanning, authorization management, address tampering protection, and account protective freezing.

What was the biggest user fund loss event in OKX's history?

The series of user thefts in June 2024, involving multiple users with losses ranging from hundreds of thousands to millions of dollars. The official investigation concluded that the attack was carried out using forged judicial investigation documents to obtain user information, and affected users have received full compensation.

Is OKX's security record worse than Binance's?

Both have experienced major security incidents. Binance faced a cross-chain bridge attack (BNB Chain) worth approximately $570 million in 2022, while OKX's issues primarily involved account security (2024) and compliance fines (2025). OKX's compensation commitment and subsequent security upgrades have been validated through practice.

How should users protect their OKX account security?

It is recommended to set up Google Authenticator (GA) anddisable cloud backup features, avoid using SMS as the primary verification method; regularly check withdrawal whitelist addresses; enable login device management; and contact official customer support immediately if any account anomalies are detected. OKX assumes full compensation responsibility for asset losses caused by platform-related issues.