The OKX DEX exploit stemmed from compromise of the ProxyAdmin owner for an old trusted DEX proxy contract, enabling the attacker to upgrade the proxy and abuse token approvals to transfer funds from users. The incident caused about $2.7 million in losses after the attacker changed proxy control, gained effective control over the TokenApproveContract path, and invoked claimTokens against wallets that had granted allowances. The source lists the affected OKX DEX, TokenApproveContract, TransparentUpgradeableProxy, ProxyAdmin, and owner addresses, and notes that the exploit activity began on December 12, 2023 at 22:23:47 UTC with a follow-on upgrade at 23:53:59 UTC. OKX responded by removing the compromised proxy from its trusted list, deactivating the affected abandoned contracts, reviewing other abandoned contracts, and pledging compensation to impacted users.