
Blockchain security firm Certik issued a high-risk alert to OKX Wallet users, especially those on iOS, advising them to promptly update the app. This urgent action was prompted by the discovery of a critical vulnerability in the application's previous version.

The warning was issued by Certik's SkyFall team, which identified and reported the critical vulnerability, known as Remote Code Execution, to OKX, a global cryptocurrency exchange platform, earlier this month.

"Attention! We urge users of OKX wallets to update their iOS app to the latest version immediately. Earlier this month, we identified and reported a critical Remote Code Execution (RCE) vulnerability in the OKX iOS App, leading to a potential compromise of sensitive data and crypto assets. The OKX team responded swiftly and issued an updated version today," Certik's tweet read.

This vulnerability, when exploited, allows malicious actors to gain full control over the OKX iOS App. Such control could compromise sensitive data and crypto assets, posing a significant threat to the security of OKX users.

In response to Certik's findings, the exchange promptly acted on the information and released a new version of the iOS app on Tuesday, addressing the critical vulnerability. Users were strongly urged to immediately update the app.

The exchange also reassured users that no customers' assets had been compromised by the vulnerability, even before the fix was deployed.

"We've completed the relevant upgrade & this is no longer an issue. We have verified that this did not impact any customer assets," OKX said. "The fix has been deployed to iOS version 6.45.0 & we recommend you update the app ASAP."

This year, several crypto wallets and centralized exchanges were targeted by malicious actors, with Atomic Wallet losing around $35 million worth of Bitcoin, Ether and other tokens in June after an update to a new version.

Last month, crypto exchange Poloniex suffered a $114 million heist, which was followed by a $100 million attack on HTX and the cross-chain bridge Heco.

Just last week, malicious actors conducted a supply chain attack on Ledger's Connect Kit, affecting several decentralized apps (dApps) and impacting the entire Ethereum Virtual Machine (EVM) ecosystem.

The attackers targeted Ledger's connector library, which is designed to facilitate communication between physical wallets and multiple decentralized apps, and siphoned off over $600,000 in funds.

After Ledger confirmed the attack and deployed an update to fix the compromised library, wallet provider Metamask claimed that it had also been affected by the incident.

Apart from Ledger and Metamask, several other protocols, including Zapper, SushiSwap, Phantom, Balancer and Revoke.cash, were impacted by the Ledger security incident.