Rekt reports that OKX's DEX aggregator lost about $2.7 million after a proxy-admin private key compromise allowed a trusted contract to be upgraded and used against users who had approved it. According to SlowMist's analysis quoted in the article, the attacker upgraded the DEX Proxy implementation so it could directly call claimTokens on the DEX contract and transfer authorized user tokens. The report lists relevant contract and attacker addresses, including a suspected attacker funded via Tornado Cash, and notes that OKX acknowledged the affected contract was a deprecated version that was later secured. This is a DeFi/private-key operational-security incident rather than a DPRK-attributed case, but it is relevant as another example of crypto infrastructure losses from compromised privileged keys.