Top

OKX shores up App security following bug discovery

Web3 & Enterprise·December 21, 2023, 12:42 AM

Cryptocurrency exchange OKX has swiftly responded to a recently uncovered security flaw by releasing an updated version (v6.45.0) of its iOS app.

 

User data and asset vulnerability

The flaw was identified by Web3 and blockchain security specialist CertiK. It posed a Remote Code Execution (RCE) vulnerability that had the potential to compromise sensitive user data and crypto assets. Notwithstanding that, no user assets were lost or security compromised.

Taking to the X social media platform on Tuesday, CertiK wrote:

”Attention! We urge users of OKX wallets to update their iOS app to the latest version immediately. Earlier this month, we identified and reported a critical Remote Code Execution (RCE) vulnerability in the OKX iOS App, leading to potential compromise of sensitive data and crypto assets.”

Photo by FLY:D on Unsplash

 

Prompt response

Recognizing the risk, OKX has acted promptly to rectify the issue and commit to protecting user assets. It too followed up on social media with its own announcement:

”Thanks @Certik for the note. We’ve completed the relevant upgrade & this is no longer an issue. We have verified that this did not impact any customer assets. The fix has been deployed to iOS version 6.45.0 & we recommend you update the app asap.”

 

Ongoing exploits

This security incident has played out amid a backdrop that has seen a worrying number of hacks, exploits and vulnerabilities in the crypto space. In recent weeks, hacks at HTX (formerly Huobi), cross-chain bridge Heco and Poloniex have accounted for millions of dollars in losses.

As recently as last week, users of the Ledger hardware wallet were told by the company not to connect to decentralized applications as it had discovered that a malicious version of its Ledger Connect software had been distributed.

 

Industry collaboration

The collaboration between OKX and CertiK in addressing this security concern is demonstrative of how industry actors are having to cooperate in order to deal effectively with these vulnerabilities and threats.

Transparent communication and a swift response in this instance are likely to have played a role in minimizing any potential loss. In a noteworthy development, OKX, in collaboration with Tether, has collaborated with the United States Department of Justice (DOJ) to freeze $225 million in USDT tokens.

This unprecedented action primarily targeted a human trafficking syndicate in Southeast Asia, illustrating the increasing cooperation between crypto entities and law enforcement in addressing illegal activities involving digital currencies.

The immediate resolution of the iOS app vulnerability in this instance resulted in no loss occurring. That outcome underscores the importance of the prioritization of user safety and data security.

With the updated app version (v6.45.0) now available, users can proceed with their crypto transactions with renewed confidence in the platform’s security measures. As the cryptocurrency landscape evolves, crypto platforms and platform users will need to remain vigilant in order to safeguard and protect funds.

More to Read
View All
Web3 & Enterprise·

Aug 10, 2023

Web3 Cybersecurity Firm Zyber 365 Raises $100M in Funding

Web3 Cybersecurity Firm Zyber 365 Raises $100M in FundingZyber 365, a pioneering Web3 startup that combines AI, Web3, and cybersecurity, has recently secured $100 million in funding from the UK-based SRAM & MRAM Group.Photo by micheile henderson on Unsplash$1.2 billion valuationThe substantial investment places Zyber 365’s valuation at an impressive $1.2 billion, while marking a significant milestone for the company, underscoring its promising trajectory.Although now headquartered in London, the company’s origins stem from India with a set of Indian founders, while the firm continues to maintain its strategic operational base in India.The company was founded earlier this year by Pearl Kapur and ethical hacker Sunny Vaghela. The startup stands out for its groundbreaking approach to cybersecurity, offering a decentralized and cyber-secured operating system that upholds the core tenets of environmental sustainability.Indian nucleus of operationsNotably, Zyber 365 has earmarked India as the nucleus of its operations, aiming to harness the nation’s tech talent and vibrant ecosystem to fuel its growth. The recent injection of capital will likely play a pivotal role in amplifying Zyber 365’s expansion initiatives, bolstering its technological capabilities, and cementing its global market presence.The SRAM & MRAM Group, no stranger to the tech investment landscape, has previously demonstrated its confidence in innovative startups. In a similar vein, the group invested $100 million in another India-centric blockchain startup, 5ire, in July of the previous year, valuing it at an impressive $1.5 billion.Broad Web3-based product rangeZyber 365’s portfolio spans a wide spectrum of Web3 products, including Layer-0, Layer-1, and Layer-2 blockchains, decentralized identities, data analytics, a software development kit, a web browser, and even non-fungible token (NFT) marketplaces and initial coin offering (ICO) capabilities.These offerings can be seamlessly integrated as part of a comprehensive Web3 ecosystem or employed as standalone applications tailored to specific user requirements.Sunny Vaghela, the Co-Founder and Chief Product Officer (CPO) of Zyber 365, expressed his enthusiasm about the infusion of capital. He emphasized that this financial boost positions the company to expedite the development of its Web3 and AI products, thereby enhancing its presence in the dynamic tech landscape.Vaghela underscored how Zyber 365’s inventive approach to cybersecurity and its commitment to pioneering technologies set it on a remarkable path toward industry leadership.Mahendra Joshi, Director of the SRAM & MRAM Group, echoed Vaghela’s sentiments, lauding Zyber 365’s exceptional team and disruptive technology. Joshi’s confidence in the investment’s potential to drive outstanding growth and success in the coming years reflects the industry’s anticipation of the startup’s continued evolution.In an era where cybersecurity and innovation are paramount, Zyber 365’s substantial funding from the SRAM & MRAM Group heralds a new phase of growth and advancement. Venture capital investment in the digital assets space has contracted significantly since the last bull market. However, as this deal demonstrates, there are signs of green shoots emerging.With its cutting-edge technology and strategic focus on Web3 and AI, the startup has an opportunity to reshape the landscape of cybersecurity while solidifying its status as an industry trailblazer.

news
Policy & Regulation·

Jun 29, 2023

Incheon Empowers Korean Blockchain Startups with Binance and Undefined Labs as Accelerator…

Incheon Empowers Korean Blockchain Startups with Binance and Undefined Labs as Accelerator OperatorsIncheon Technopark (ITP), a public organization dedicated to promoting startup growth in Incheon, South Korea, has revealed the selection of two accelerator program operators to support ten blockchain ventures. This joint effort between ITP and Incheon Metropolitan City aims to nurture blockchain startups and establish Incheon as a thriving blockchain hub.Photo by Shubham Dhage on UnsplashTwo operatorsA consortium consisting of Web3 gaming studio Ret Games, on-chain risk rating solution developer Undefined Labs, and global cryptocurrency exchange Binance will join forces as a single operator. Venture capital firm Nanuhm Angels will participate as the other operator. Each blockchain venture enrolled in the accelerator program will receive support worth 20 million KRW ($15,000) from one of the two accelerators. The application window will run from June 28 to July 21.Support contentUndefined Labs will provide comprehensive insights into the blockchain industry, covering technology, market trends, and use cases. Binance will offer consultations on business modeling and marketing strategies. Ret Games will share its expertise in developing blockchain services. Meanwhile, Nanuhm Angels will enable participants to test their business models by granting them access to Rotonda’s launchpad. Rotonda is a subsidiary of the Korean crypto exchange Bithumb and operates the Web3 Burrito Wallet.In a recent tweet, Jo Dong-hyeon, the founder of Undefined Labs, expressed his enthusiasm for assisting other companies in entering the blockchain industry.

news
Web3 & Enterprise·

Jul 29, 2023

Checkout.com Partnership Sees Alchemy Pay Extend Global Reach

Checkout.com Partnership Sees Alchemy Pay Extend Global ReachAlchemy Pay, a leading Singapore-headquartered fiat-crypto payment gateway, has announced a major collaboration with Checkout.com, a renowned payment processor serving global digital businesses.The partnership, announced by Alchemy Pay via a blog article published on Friday, allows the firm to seamlessly integrate Checkout.com’s Visa and Mastercard channels into its on and off-ramps, enabling effortless transactions between fiat currency and cryptocurrency worldwide. Furthermore, Alchemy Pay’s NFT Checkout product is also set to incorporate these channels in the near future, expanding the reach of the payment gateway even further.Photo by Jonas Leupe on UnsplashVisa and Mastercard integrationThe company claims that the integration of Visa and Mastercard payment rails via Checkout.com enables it to achieve one of the highest payment acceptance rates in the industry. This seamless integration allows users to easily buy and sell digital assets through Visa and Mastercard using the Alchemy Pay Ramp and NFT Checkout.Checkout.com is a leading global payments solution provider catering specifically to large global enterprise merchants, handling massive transaction volumes daily. In 2021 alone, the company processed hundreds of billions of dollars in payments. Its esteemed clientele includes major names such as Netflix, Farfetch, Grab, Sony, Pizza Hut, and Shein.As a premier payment processor, Checkout.com further strengthens its position by providing crucial support to prominent players in the crypto industry, including Circle and Kucoin, among others. The company’s offerings include higher global acceptance rates, enhanced conversion rates, reduced charge-backs, and comprehensive global coverage through a streamlined entry point.Bridging crypto and fiat economiesBy eliminating obstacles to widespread crypto and NFT service adoption, Checkout.com’s smooth conversion process aligns perfectly with Alchemy Pay’s mission of bridging the gap between fiat and crypto economies on a global scale.Digital assets don’t exist in a vacuum. The history of this new asset class is short, having emerged within a world where we have all engaged with a conventional finance system which continues to hold most of the wealth that exists. It’s vital therefore, that services like Alchemy’s broaden the ability to on and off ramp between crypto and fiat if we are to encourage ever greater participation in the crypto economy.Alchemy Pay has been actively pursuing collaborations with renowned global acquirers and payment processors to streamline its on and off-ramp processes. In April the company announced a collaboration that would see it enable domestic transfer payments in India via India’s Unified Payments Interface (UPI) system to effect crypto purchases. Earlier that month, it secured $10 million in funding from market maker DWF Labs, with the funding earmarked towards expanding the business within the South Korean market.Leveraging its payment channels, Alchemy Pay has successfully connected to key markets worldwide, enhancing its capabilities in global coverage and licensing, while also reducing transaction and operating costs.In addition to strategic partnerships, Alchemy Pay has an impressive track record of securing licenses in various countries and regions, including the United States, Canada, Indonesia, and Lithuania.

news
Loading