Table of Contents
- OKX Wallet Faces Critical Vulnerability
- Both CertiK And OKX Issue Warnings
- Timing and User Backlash
- Controversy Over Patch Release
With the discovery of a code vulnerability in the OKX Wallet, blockchain security firm Certik is urging iOS users to update their wallet app.
OKX Wallet Faces Critical Vulnerability
Cryptocurrency exchange and blockchain security firm CertiK have issued a joint disclosure regarding a critical vulnerability found in OKX’s iOS wallet. The announcement on December 19 has raised concerns about the potential compromise of user data and crypto assets, prompting immediate action from both companies.
Both CertiK And OKX Issue Warnings
CertiK took to Twitter, urgently advising OKX iOS wallet users to update their apps to the latest version. The security firm identified and reported a critical Remote Code Execution (RCE) vulnerability earlier in the month. An RCE allows a hacker to target a computing device and make remote changes, regardless of the device's location. The team claimed that the severity of the issue necessitated a swift response to mitigate potential risks.
OKX responded to CertiK's tweet, stating,
"We've completed the relevant upgrade & this is no longer an issue. We have verified that this did not impact any customer assets. The fix has been deployed to iOS version 6.45.0 & we recommend you update the app ASAP."
Timing and User Backlash
The timing of CertiK's disclosure has sparked controversy within the crypto community. The bug was revealed just eight days after the release of the fix, leaving users who hadn't updated immediately vulnerable.
Some members of the community expressed concern over the quick disclosure, with METAMASK lead Tay Monahan criticizing it as premature. Monahan questioned the practicality of expecting the majority of OKX's user base to update immediately, given historical trends of slower adoption.
He tweeted,
"Wait wait wait wait hold up … How long does it take [OKX’s] user base to get the majority updated historically? Like, it takes time to roll out updates. Like weeks, months. And yet you’re disclosing there’s a [vulnerability] that could wreck all users remotely THE DAY OF?"
Controversy Over Patch Release
Adding to the complexity, conflicting information has emerged about the release date of the patch. CertiK stated that the relevant update was deployed on December 19, identified by the iOS App Store as version 6.46.0. However, OKX mentioned that the update was deployed in version 6.45.0, which was released on December 11.
The lack of clarity on the actual update containing the fix raises questions about communication between the parties and potentially adds confusion for users seeking to secure their wallets.
