Leading crypto firm, OKX has issued a warning after receiving numerous reports from users about suspicious activity related to a mining software called ‘Bom’.
OKX Warns over Wool-Pulling and Theft Linked to ‘Bom’
近期 #OKXWeb3 安全团队也收到了大量用户反馈,访谈后发现,部分被盗用户均曾下载名为【Bom】的挖矿软件。经分析,该软件存在上传用户相册的逻辑,存在作恶嫌疑!(见下图)
⚠️ **如何避免中招:**
1️⃣ 切勿下载来源不明的软件(包括所谓“薅羊毛工具”);
2️⃣ 妥善保管助记词,严禁拍摄或截屏保存!… https://t.co/YnA3NFJ6k7 pic.twitter.com/LVFymXT2DO— OKX中文 (@okxchinese) February 20, 2025
The OKX Web3 security team revealed that it conducted interviews with affected users and discovered that the software was responsible for uploading users’ photo albums, suggesting malicious intent.
The exchange has cautioned users to avoid downloading software from untrusted sources, including so-called “wool-pulling tools.” OKX also reminded users to securely store their mnemonic phrases and avoid taking photos or screenshots of them. According to its X post, The OKX wallet mobile app has already implemented measures to block such actions. Users are advised to stay vigilant and transfer assets away from potentially risky addresses.
The warning comes after a report from blockchain security firm SlowMist, where founder Cos disclosed a theft of approximately $1.24 million.
早上我们也收到这个反馈,又一个群体被盗事件,目前不确定是哪家被盗。根据我们的推测,也可能是历史各种途径的泄露,今天集中被盗,所以才出现不一定是哪家的情况。https://t.co/hhwsLoS5I9
目前攻击者获利价值 124 万美金各类资产,资产分布在十几条 EVM 链,涉及至少 800 多个… pic.twitter.com/ggPj5n5pJC
— Cos(余弦)😶🌫️ (@evilcos) February 14, 2025
Cos revealed that the firm had received additional feedback this morning regarding a group theft incident, though the specific company affected remains unclear. The theft is suspected to have stemmed from a previous security breach, with assets distributed across multiple platforms, including over a dozen EVM chains and involving at least 800 tokens. Many of these stolen assets appear to be linked to “wool-pulling” schemes.
Also Read: Sui Network and OKX Wallet Partner for Enhanced Security
What is Wool-Pulling?
For the uninitiated, wool-pulling is a kind of social engineering tactic. It typically involves misleading people into joining a scheme or downloading malicious software by offering something that appears legitimate or promising (like easy profits, mining software, or free tokens). Once the victim is hooked, their funds are often stolen or compromised.
Also Read: Vietnam Cracks Down on Crypto Mining Scam Group Targeting 200 Victims
