Is it true that a large number of accounts were stolen from OKCoin's exchange?

According to many users of OKEx and OKCoin, their accounts were stolen and the losses ranged from tens of thousands to millions. According to preliminary statistics, nearly 10 users have reported the loss of 600 bitcoins, worth about 20 million yuan.

On the morning of September 28th, Wang Mouqi's account on the OKEx trading platform was logged in through a German IP address and participated in the transaction of Bitcoin-Ethereum Classic (BTC-ETC) just launched. All positions have been closed and open orders have been cancelled. The illegal intruder used up all the bitcoins in his account within an hour. The account originally had 200 bitcoins, and the estimated loss was over 5 million.

According to reports, the group currently has nine victims, and the number is still increasing. Incomplete statistics show that the amount involved is more than RMB10 million. Users suspect that the OK platform has been exploded, or some exchange employees who shut down the platform have leaked the account information of platform users to hackers. Hackers log on to the platform by cracking the account password through user information, and then complete the transfer of digital assets on the platform.

OKEx is a digital asset contract service trading platform based on the well-known domestic virtual currency trading platform OKCoin International Station, which can be used for currency trading and leveraged virtual currency futures trading. OKEx realizes the free conversion between digital assets in the two functions of leveraged trading and hedging, and users can directly convert bitcoin into Litecoin and ETH with the same amount.

At the beginning of 20 14, OKEx received a series A investment of US$ 0/0 million from Longling, the founder of Meitu (0 1357). HK), a listed company in Hong Kong. According to public information, OKCoin International Station claims to be permanently separated from OKEx account, and the two platforms recharge and withdraw cash independently, but users can still log in to OKEx website directly with OKCoin International Station account.

According to the screenshot given by Wang, the beginning of 95 is the illegally logged-in German IP address. Wang said, 16, he registered an account for bitcoin futures trading on OKEx and logged in almost every day. On the evening of 28th, he found that the account was abnormal, and the account position and 200 bitcoins disappeared out of thin air. The last place to log in was Japan.

Lawyer Liu Chaoqun, director of the Internet Finance Department of Shandong Tian Ju Law Firm, who is in charge of the case, said that OKEx was also stolen. According to the Notice on Preventing Bitcoin Risks issued by five ministries and commissions, including the People's Bank of China, 20 13, Bitcoin is a virtual commodity that can be bought and sold freely. At present, the biggest question about the platform is that a large number of users have been hacked by similar means in a short period of time.

On September 1 day, some users claimed that 468 Litecoin coins in their OKCoin account were only 125, which was 343 less. The user said that there is no need for any password and verification to convert the OKCoin contract account into the spot account, and the developed currency-to-currency transaction has no depth at all, which is easy to be used by people who steal the number, and OKCoin has not provided corresponding protection.

Another user transferred 30 BCC tokens deposited in OKEx to OKCoin on September 16. On September 23rd, the account was invaded again, and 30 BCCs and 27 bitcoins were bought and sold between Bitcoin, Litecoin, Ethereum and RMB for many times, with nearly 1,000 transactions in two hours. Abnormal IP has Russian and Dutch addresses.

"If you change the virtual currency property into legal tender for cash withdrawal, you need to have real-name authentication for the account, and you need to extract the income by knocking or exploding the position." Liu Chaoqun believes that several problems of OKEx platform include: there is basically no trading volume in currency trading at ordinary times, and the trading volume suddenly increases by a hundredfold, and the platform has not done any risk control; There is no email or SMS verification when logging in from different places; Contact the platform immediately after the remote login reminder, and the platform did not respond at the first time; The speed of withdrawing money from the profit account is obviously abnormal, much higher than the normal speed.