Presently, one of OKEx’s private key holders has completed assisting the authorities in a previously referenced investigation. Throughout this investigation, OKEx was confirmed not to have been involved in any wrongdoing or illegal activities, and the private key holder has now returned to his normal business functions.
OKEx will therefore reopen unrestricted withdrawals on or before Nov. 27, 2020 (UTC) . Prior to withdrawals reopening, our team will conduct strict security checks to resume normal operations of the hot wallet system and ensure the safety of our users’ funds. Because OKEx has insisted on maintaining 100% reserves since its establishment, 100% of user funds can be withdrawn without any restrictions after withdrawals are reopened. Simultaneously, we will also be launching significant user loyalty reward campaigns to express our deep apologies and most sincere gratitude to our community. The details of these reward campaigns will be announced in the next few days.
OKEx has many years of experience safely operating digital wallets, assets and transactions with no major security incidents. We maintain our commitment to ensuring that OKEx will always be a transparent and credible blockchain services company.
Our cold wallet technical solution has previously been published on our site (https://www.OKEx.com/wallet-security). We would also like to take this opportunity to restate the technical details of our hot wallet system below:
By deploying its Online and Semi-offline Risk-Management systems, Semi-offline Multisignature services, big data risk management systems and other protection mechanisms, OKEx's hot wallet system has been running stably and smoothly. Below is a detailed depiction of the withdrawal process.
In regard to withdrawals from OKEx, the Online Risk-Management System checks for withdrawal frequency, as well as for abnormalities in profits and account behavior.
The withdrawal transactions that pass the above checks of the Online Risk-Management System are sent to the Vault System. This system then automatically creates an unsigned transaction. This transaction is then sent to the Signature Task and passed to the Semi-offline Multisig stage via a special network communication protocol for signatures. This process is not an ordinary TCP/IP communication protocol. We define this communication as a semi-offline signature service, in which it is practically impossible for an attacker to obtain the private key on a semi-offline server via an online attack.
On the other hand, the semi-offline servers cannot be compromised even if they are physically attacked, as the private key uses 2-3 multisig technology and is stored in the server's RAM, making it impossible for hackers to access.
OKEx's hot wallet system also has a second layer of risk management: Semi-offline Risk Management. This second system also examines the unsigned transaction to see if its frequency or amount is abnormal, according to the system's regularly updated database. Only when the unsigned transaction in question passes all of the Semi-offline Risk Management checks will it be signed (multisig) and returned to the Vault System. Then, the now-signed transaction will be passed to both the Treasury Service and the Blockchain Gateway Service to be broadcast to the appropriate blockchain network.
If an unsigned transaction fails any risk checks, the Semi-offline Multisig stage will delay/refuse to sign the transaction and will send a report to the Online Risk-Management System. Via the above processes and protocols, the OKEx hot wallet system is able to suspend large withdrawals by malicious users within a short time span and prevents the platform from experiencing online system attacks.
The reason for the suspension of withdrawals in this specific incident was because a private key holder was not able to authorize transactions. OKEx has always used a backup mechanism for private key holders to ensure that each private key holder can trigger the activation of the backup private key in the event of long-term incapacitation, such as death or memory loss.
However, we unfortunately failed to include other specific scenarios, such as private key holders becoming unreachable due to unforeseen circumstances in our contingency plan. In this specific incident, therefore, the ultimate resolution for the private key holder’s short-term incapacitation was not a technical one.
We apologize for any and all inconveniences, and we will strive to improve internal processes as soon as possible to prevent similar situations from happening in the future.
Since its inception, OKEx has strictly complied with laws and regulations around the world, and has established strict Know Your Customer and anti-money laundering mechanisms. We have always cooperated with regulators and firmly believe that in the future, the legal supervision of blockchain and digital assets worldwide will become increasingly robust, allowing service operators to grow and flourish within an established legal framework. At the same time, OKEx will continue to further the field of blockchain application development, increase investments in technology and products, and contribute to the healthy and sustainable development of the industry.
Finally, thank you to all our users and our community for their support and trust in the platform. OKEx promises to continue building more high-quality products and a better user experience.