Cyber Incident Victim: OKEx
Date: Feb 2020
Location: China
Summary
A cryptocurrency exchange and another major trading platform suffered simultaneous distributed denial-of-service (DDoS) attacks, with the first wave targeting OKEx and routing approximately 200 gigabytes per second of traffic, straining its systems. The second wave later impacted both platforms, severely crippling one exchange's throughput for about an hour while prompting the other to implement stricter protections and infrastructure patches. OKEx's CEO initially suggested competitor involvement, though no connection between the incidents was confirmed. Both exchanges resolved the disruptions quickly, with one confirming no overseas clients were affected and the other maintaining core service functionality despite the attacker's attempts to exploit platform features. The attacks occurred shortly after unrelated system maintenance periods.
Description
On February 27, 2020, at approximately 11:30 AM EST, cryptocurrency exchange OKEx experienced a distributed denial-of-service (DDoS) attack that routed up to 200 gigabytes per second of traffic to its systems. During the attack, OKEx CEO Jay Hao publicly attributed the incident to unnamed competitors via his personal Weibo account. The attack strained operations and was followed by temporary system maintenance, unrelated to the DDoS incident, during which options and futures trading were disabled. Approximately 17 hours later, at 4:30 AM EST on February 28, a second wave of DDoS attacks simultaneously targeted both OKEx and Bitfinex. Bitfinex's status page documented a one-hour disruption until 5:30 AM EST, during which transaction throughput nearly collapsed to zero, severely impairing platform functionality.

OKEx representatives confirmed the DDoS incidents were contained within short timeframes without impacting overseas clients, explicitly stating the attacks were unrelated to the preceding maintenance window. Bitfinex implemented elevated protection measures post-attack, with CTO Paolo Ardoino revealing attackers exploited multiple platform features concurrently to amplify infrastructure load. Although core services remained unaffected, Bitfinex proactively entered maintenance mode to deploy patches and countermeasures against similar future attacks. While OKEx's CEO initially suggested competitor involvement, no conclusive evidence linked the simultaneous attacks against both exchanges. The short-lived nature of the disruptions limited lasting operational consequences despite significant temporary degradation of service capacity.
