OKX Star Clarifies Misunderstanding of "Wallet Vulnerability": Advises Users to Avoid Installing Software or Plugins from Unknown Sources

Odaily News In response to the hacker attack incident carried out by the Wuhan Ansun Technology team exploiting the OKX wallet plugin vulnerability, OKX Star posted on the X platform stating that the OKX wallet security team has completed its investigation. The original description labeling it as an "OKX wallet vulnerability" is inaccurate. Two points need clarification:

1. This incident is not a security vulnerability of the OKX Web3 wallet. The attack method involved hackers controlling the user's device through Trojan software, then stealing locally stored encrypted files and passwords by tampering with webpage JS code to implant hooks, or monitoring keyboard input.

2. The OKX Web3 wallet is a 100% self-custodial wallet. Private keys and passwords exist only on the user's own device; OKX cannot access or control user assets. However, if the user's device itself has been compromised by hackers, then no wallet—including MetaMask—can guarantee security. This is akin to a thief being able to operate your computer and see all your keyboard inputs.

User device security remains a crucial part of the self-custody system. Users are advised to avoid installing software or plugins from unknown sources, regularly check device security, and properly protect their mnemonic phrases and private keys.