OKX DEX, a decentralized exchange and cross-chain bridge aggregator, has fallen victim to an exploit, leading to the loss of approximately $400,000 from authorized wallets associated with the platform. Blockchain security firm SlowMist conducted an analysis revealing that the issue lies in the authorization process used during swaps on the platform. Specifically, users grant token approvals to the TokenApprove contract, which transfers those approved tokens on behalf of the DEX contract. The DEX contract includes a claimTokens function that permits a trusted DEX Proxy, managed by the Proxy Admin, to call it and transfer tokens on behalf of users.
On December 12, the Proxy Admin Owner upgraded the DEX Proxy contract via the Proxy Admin, introducing a new implementation contract that directly called the claimTokens function of the DEX contract to transfer tokens. Exploiting this upgrade, attackers began making unauthorized calls to the DEX Proxy, leading to the theft of tokens. The Proxy Admin Owner performed another contract upgrade later that day, providing further opportunities for ongoing token theft.
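The chain of trust described above (user allowance to TokenApprove, claimTokens callable only by the DEX Proxy, the proxy's implementation chosen by the Proxy Admin) is what determines how much value an implementation upgrade can reach. The following Python model is an added example, not OKX's code or SlowMist's analysis: the contract names come from the article, while the ledger, the balances, the `exposure` calculation, the upgrade log and the monitoring helper are constructed here to show two defender-side checks: which funds are reachable through the claimTokens path after an upgrade, and that revoking the allowance removes them.

```python
"""Toy model of the OKX DEX approval chain (constructed example).

user --approve--> TokenApprove --driven by--> DEX.claimTokens
                  (callable only by the DEX Proxy, whose implementation
                   is set by the Proxy Admin / Proxy Admin Owner)

The model does not simulate a theft; it computes how much value an
implementation change can reach and shows revocation removing it.
"""
from dataclasses import dataclass, field

UNLIMITED = 2**256 - 1  # common "infinite approval" value (assumption)


@dataclass
class Token:
    """Minimal ERC-20-style ledger: balances plus allowance[owner][spender]."""
    balances: dict = field(default_factory=dict)
    allowances: dict = field(default_factory=dict)

    def approve(self, owner: str, spender: str, amount: int) -> None:
        self.allowances.setdefault(owner, {})[spender] = amount

    def allowance(self, owner: str, spender: str) -> int:
        return self.allowances.get(owner, {}).get(spender, 0)


@dataclass
class DEX:
    """claimTokens is gated on msg.sender == trusted proxy, nothing else."""
    trusted_proxy: str

    def claim_allowed(self, caller: str) -> bool:
        return caller == self.trusted_proxy


@dataclass
class Proxy:
    """Upgradeable proxy; only the admin may swap the implementation."""
    address: str
    admin: str
    implementation: str
    upgrade_log: list = field(default_factory=list)

    def upgrade(self, caller: str, new_impl: str) -> None:
        if caller != self.admin:
            raise PermissionError("only the Proxy Admin may upgrade")
        self.upgrade_log.append((self.implementation, new_impl))
        self.implementation = new_impl


def effective_trust_root(dex: DEX, proxy: Proxy) -> str:
    """The DEX trusts the proxy address, but the proxy runs whatever the
    admin installed, so the real trust root of claimTokens is the admin."""
    assert dex.claim_allowed(proxy.address)
    return proxy.admin


def exposure(token: Token, token_approve: str) -> dict:
    """Per user, the value reachable via TokenApprove: min(balance, allowance)."""
    reachable = {}
    for owner, balance in token.balances.items():
        at_risk = min(balance, token.allowance(owner, token_approve))
        if at_risk > 0:
            reachable[owner] = at_risk
    return reachable


def revoke(token: Token, owner: str, token_approve: str) -> None:
    """Mitigation available to the user: set the allowance to zero."""
    token.approve(owner, token_approve, 0)


def upgrade_alerts(proxy: Proxy) -> list:
    """Monitoring rule: every implementation change is a high-severity
    event, because all current exposure becomes reachable by the new code."""
    return [f"ALERT proxy={proxy.address} implementation {old} -> {new}: "
            f"review before trusting the claimTokens path"
            for old, new in proxy.upgrade_log]


def demo() -> tuple:
    # Constructed balances and approvals; "alice" used an unlimited approval.
    token = Token(balances={"alice": 1000, "bob": 250, "carol": 50})
    token.approve("alice", "TokenApprove", UNLIMITED)
    token.approve("bob", "TokenApprove", 100)      # carol never approved
    before = exposure(token, "TokenApprove")        # {'alice': 1000, 'bob': 100}

    dex = DEX(trusted_proxy="DEXProxy")
    proxy = Proxy(address="DEXProxy", admin="ProxyAdmin", implementation="impl_v1")
    root = effective_trust_root(dex, proxy)         # 'ProxyAdmin'
    proxy.upgrade("ProxyAdmin", "impl_v2")          # the event a defender must watch
    alerts = upgrade_alerts(proxy)

    revoke(token, "alice", "TokenApprove")
    after = exposure(token, "TokenApprove")         # {'bob': 100}
    return before, root, alerts, after


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The point the model makes is that the access check inside claimTokens (caller must be the proxy) says nothing about the code behind the proxy; the quantity that matters for users is the sum of outstanding allowances, which only revocation reduces, and the event that matters for monitoring is the implementation change itself.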