In a blunt response to a user’s allegation that 50 ETH had been stolen from an OKX Wallet, OKX founder and CEO Star Xu publicly challenged critics to bring forward proof. Xu said anyone who can provide “conclusive evidence” that a backdoor exists in OKX Wallet will be rewarded with 10 BTC, and he urged the platform’s millions of users to help monitor and review the situation.
The claim of the theft was first shared on social media by a user who said funds were taken from their OKX Wallet; the accusation quickly drew attention from the crypto community and security researchers. In the hours that followed, Xu framed the company’s stance as one of openness and accountability, saying security and transparency are “the bottom line” for OKX and that the team welcomes community scrutiny.
Security Showdown
The public reward, a sizable 10 BTC bounty, is meant to put the burden of proof on those alleging a systemic vulnerability rather than on the company alone. OKX has faced scrutiny before around wallet security and platform practices, and the CEO’s offer signals a willingness to let independent researchers test that claim in public. Observers on X and elsewhere are watching to see whether anyone will produce the forensic evidence Xu requested.
OKX said its security team is already looking into the incident and encouraged anyone with relevant information, transaction IDs, wallet addresses, screenshots, or forensic findings to report them through the company’s official support channels so they can be examined.
Independent security researchers and on-chain analysts are likely to dig through public transaction history and the wallet’s codebase; proving a deliberate backdoor would require clear, reproducible forensic evidence such as leaked source code, anomalous on-chain signatures, or logs showing unauthorized access patterns rather than signs of phishing or key compromise.
Reaction from the broader crypto community has been mixed: some praised Xu’s blunt challenge as a welcome step toward transparency, while others urged caution, saying a bounty alone can’t replace regular third-party audits, clearer disclosure practices, and stronger user education around phishing and key management.
As the situation develops, users and security analysts say the key questions will be whether the alleged theft stems from an exploit in OKX Wallet code, a phishing/social-engineering attack on the user, or some other operational lapse, and whether conclusive on-chain or off-chain evidence can be produced. OKX’s public challenge makes the next steps simple: produce verifiable evidence, or let the community and the company investigate further.
