OKX urges critical update after wallet bug disclosed OKX urges critical update after wallet bug disclosed
While OKX insists no user funds have been affected by the vulnerability, its handling of the issue has drawn criticism.
2 min read
Updated: Dec. 19, 2023 at 10:54 pm UTC
Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.
Cryptocurrency exchange OKX and blockchain security firm CertiK have disclosed a critical vulnerability in OKX’s iOS wallet, triggering immediate calls for users to update their apps.
The Dec. 19 announcement has sparked controversy over the timing of the disclosure, as concerns rise about the potential compromise of user data and crypto assets.
CertiK posted to Twitter/X:
“Attention! We urge users of OKX wallets to update their iOS app to the latest version immediately. Earlier this month, we identified and reported a critical Remote Code Execution (RCE) vulnerability in the OKX iOS App, leading to potential compromise of sensitive data and crypto assets.“
In a separate announcement, OKX confirmed that it had deployed an update that resolved the issue. It asserted that the bug had not affected customer funds.
The issue appears unrelated to an earlier attack on OKX’s decentralized exchange (DEX) aggregator, which led to $2.7 million in losses around Dec. 12.
Quick disclosure attracts controversy
CertiK’s quick disclosure was criticized by MetaMask lead Tay Monahan, who noted the risk of disclosing an issue on the day of the fix’s release. She wrote:
“Wait wait wait wait hold up … How long does it take [OKX’s] user base to get majority updated historically? Like, it takes time to roll out updates. Like weeks, months. And yet you’re disclosing there’s a [vulnerability] that could rekt all users remotely THE DAY OF?”
There is additionally a lack of clarity around the date of the patch’s release. Whereas CertiK said that the relevant update was deployed in an update today (which the iOS App Store identifies as version 6.46.0), OKX said that the update was deployed in version 6.45.0 (which was released on Dec. 11). Details in the App Store store do not indicate which update actually contains the fix.
Regardless, the bug has been disclosed no more than eight days after the fix’s release, leaving users who do not immediately update at risk.
Mentioned in this article
Author 
Mike Dalton
Before transitioning to crypto writing in 2018, Mike studied library and information sciences. Currently, he resides on Canada's West Coast.
Editor Editor 
Jacob Oliver
Jacob Oliver is a recovering academic and English teacher turned crypto journalist and web3 writer. He holds a Ph.D. from the University of Washington.
In this article
CertiK
Founded in 2018 by professors of Yale University and Columbia University, CertiK is a pioneer in blockchain security, utilizing best-in-class AI technology to secure and monitor blockchain protocols and smart contracts.
OKX
OKX is a world-leading digital asset exchange, providing advanced financial services to global traders by using blockchain technology.
Taylor Monahan is the founder & CEO of the popular Ethereum wallet MyCrypto.