What to do if your OKX account may be hacked: contain risk first, recover access second

When an account looks compromised, the first goal is to stop further damage. Recovery works better after you secure email, password and 2FA in the right order.

Who this guide is for

• Useful if you see unknown devices, strange orders or withdrawal alerts
• Contain exposure before chasing every detail
• Email and 2FA security often matter more than changing one password alone

Suggested path

1. First confirm whether you still control the linked email, phone and 2FA method, then secure those entry points immediately.
2. If the account is still accessible, review device history, API access, withdrawal whitelist and security notices, and remove anything unfamiliar.
3. Then use the official recovery flow to reset password, verify identity and rebuild 2FA instead of relying on random links or messages.
4. After access returns, review the likely cause such as email compromise, weak passwords, phishing pages or shared-device exposure.

Key checks

• suspicious login
• contain risk
• recovery order

FAQ

Is changing only the OKX password enough?

Usually not. If email or 2FA is exposed, the account can still be at risk.

What should I do first after spotting suspicious trades?

Regain control of the account, email and security settings before anything else.

What should I review after recovery?

Login history, devices, API permissions, whitelist settings and all recent security alerts.

Next move

Once you enter OKX, use the live platform page as the final source for fees, eligibility and campaign rules.