OKX CEO Star Xu is offering 10 Bitcoin to anyone who can prove the existence of a backdoor in the exchange’s Web3 wallet, addressing growing concerns over user fund security.
Key Takeaways
- Star Xu has announced a 10 BTC bounty for anyone who can provide concrete evidence of a backdoor in the OKX Wallet.
- The offer comes after a OneKey employee accused OKX of enabling wallet exploits that allegedly led to thefts, including one involving 50 ETH.
- Xu stated that the wallet integrates several security layers, such as Google ID and OKX authentication, and welcomed researchers to verify the code.
- The issue arises amid a wider increase in crypto thefts, with over $2.2 billion stolen in 2025 so far, including attacks involving malware and phishing.
What Happened?
A user claiming to be a hardware wallet specialist at OneKey alleged that OKX’s DeFi wallet has a secret backdoor that can compromise users’ private keys. The accusation gained traction after several theft reports, including one involving 50 ETH. In response, OKX CEO Star Xu offered a 10 BTC bounty, worth around $955,000, to anyone who can prove these claims with solid evidence.
OKX Responds to Security Allegations
Star Xu swiftly responded to the claims by calling on the global security community to investigate the wallet. In a public statement, he said:
Xu dismissed the claims but showed openness by inviting external scrutiny, positioning the move as a step toward greater transparency and accountability. He also pointed out that several layers of security protect user assets, including authentication through Google and OKX’s own systems. Furthermore, he shared open-source repositories of the wallet code for researchers to inspect.
While the accuser pointed to broader industry vulnerabilities, alleging that backdoors may not be unique to OKX, others online criticized the claims, suggesting they may be engagement-driven or based on user error rather than technical flaws.
Broader Context of Crypto Security Threats
Xu’s bounty offer comes at a time of heightened awareness around wallet security. According to blockchain analysis firm Chainalysis, crypto thefts in 2025 have already topped $2.2 billion, with about a quarter of that involving personal wallets.
- Chainalysis noted that the number of illicit crypto addresses is expected to rise in 2025.
- Malware and phishing remain key attack vectors, as in the malware-laced printer driver incident tied to Chinese hardware manufacturer Procolored.
- That single exploit alone resulted in the theft of 9.3 BTC, showing how deep and varied the threat landscape has become.
This pattern highlights the persistent risk to retail users, even as crypto platforms tout improvements in user experience and security features.
Inside the OKX Ecosystem
OKX is among the top five global crypto exchanges, processing around $1.5 billion in daily trading volume. It boasts 60 million users, including 5 million DeFi wallet holders. The platform recently rolled out a CeDeFi (Centralized-DeFi) program that allows gasless token swaps on networks like Solana, Base, and its native X Layer.
OKX also faces pressure from unrelated criticisms, such as unaddressed scams on its X Layer chain and concerns over transparency in buybacks of its native token, OKB. Despite this, the platform maintained a 10/10 trust rating on CoinGecko and held over $35 billion in user assets as of October.
CoinLaw’s Takeaway
I think Star Xu’s bold move to offer a 10 BTC bounty speaks volumes about the current state of crypto security. In my experience, when a CEO opens the door to external audits, it’s usually a sign of confidence, not desperation. Still, this isn’t just about OKX. These allegations reflect a broader issue in crypto: users often trust wallet providers without fully understanding the risks. While it’s easy to point fingers, the real solution lies in better transparency, regular audits, and clearer communication from platforms. I’m glad to see OKX putting their money where their mouth is, but I also hope this prompts users everywhere to take wallet security more seriously.
