What's OKX Security Assistant?
OKX Security Assistant is an application developed by our security team to protect our Windows users, prevent virus and trojan attacks, and safeguard user assets.
When you receive a risk alert from OKX Security Assistant on a Windows device, it indicates that the current device environment may pose threats to your account and asset security.
Why did I receive a risk alert from the OKX Security Assistant?
OKX Security Assistant performs in-depth detection of your device environment and identifies risk types that are closely related to asset security, such as:
Remote control or trojan-related behavior
Malicious processes running in the background
When a risk item is detected, a pop-up alert will appear. If the risk persists, the alert may reappear periodically until you take action or choose to ignore it.
How do I use OKX Security Assistant?
Log in to our site on the web select the Profile option and select Overview, before selecting Security Assistant in the pop-up panel. You can also select Profile option > Security Center > Security Assistant.
Once you're on the Security Assistant page:
Select View More to learn more details
Select Download and follow the instructions to complete the installation
How OKX Security Assistant looks like on your desktop
When I encounter a risk: should I handle it?
Handling is recommended by default, especially for high-risk alerts.
You can use the following quick judgment method:
Recommended to handle immediately (highest priority)
The risk level is high.
The alert involves private key access, remote control, trojans, or clipboard tampering.
You’ve recently installed software or plugins from unknown sources, run suspicious installers, or opened suspicious attachments.
Can verify first, then handle (but don’t delay long-term)
The risk level is medium, and you can clearly associate it with legitimate software components you installed.
It’s still recommended to verify:
Process path
Source
Whether there’s abnormal auto-start behavior
How do I handle risks?
Please prioritize “clean / uninstall” actions.
Selecting “Minimize / mute / ignore”from the options doesn’t mean the risk is gone. Below are the best practices when it comes to handling risky situations:
What the OKX Security Assistant displays when there's a risk
Single-item uninstall vs. one-click uninstall
Single-item uninstall: suitable when there are only a few risk items and you want to confirm their sources one by one.
One-click uninstall: suitable when there are many risk items and you want to clean them quickly before reviewing.
Minimizing or closing the pop-up doesn’t count as handling
Minimizing only hides the pop-up temporarily and doesn’t record any handling action.
The risk items may still exist and trigger alerts again.
Ignore: use with caution
After ignoring, the risk item enters the ignore list and usually won’t trigger pop-up alerts.
Ignoring equals to the elimination of risk.
Only use this option for items you can 100% confirm are legitimate and must be retained.
Items in the ignore list can be “released.” Once released, they’ll trigger alerts again if detected.
Silent mode: disables pop-ups only
Silent mode disables pop-up notifications, but detection results are still retained (usually shown via tray hover messages such as “unhandled risks exist”).
It’s recommended only for short scenarios like meetings or presentations. Please complete handling as soon as possible afterward.
What if handling fails?
Common reasons for uninstall or delete failures include insufficient permissions, system protection or self-defense mechanisms, or files or processes being in use.
It’s recommended to handle issues in the following order (from easy to hard):
Retry with administrator privileges
Restart the system, then make an attempt again; to release locks or reduce resistance
Clean based on the risk target type
If the alert involves system services, scheduled tasks, or startup items, don’t just delete files—remove them from the corresponding configuration entries first.
Full disk scan (recommended): use trusted security software, update virus definitions, and perform a full scan
Reinstall the operating system
How do I self-check for trojans or address tampering risks?
If you encounter situations such as “deposit or withdrawal address appears to be replaced” or “address changes after pasting,” perform the following checks:
Compare addresses across devices
Compare the deposit or withdrawal addresses shown in the app and on the official website.
If they differ, there may be a risk.
Browser no-plugin or incognito mode comparison
Log in using a browser with no plugins or incognito/private mode and compare the address with the one shown in normal mode.
If they differ, there may be a risk.
Clipboard tampering test
First, record the correct address in Notepad or Notes, then paste it into the input field or address bar.
If it’s automatically changed, there may be a risk.
What should I do if I suspect my device has been compromised?
Whether you’re a CeFi or Web3 user, if you suspect device risks, it’s recommended to take the following loss-mitigation actions first:
Immediately stop trading and sensitive operations
Don’t enter seed phrases or private keys on this device
Don’t perform large transfers or withdrawals
Switch to a trusted device to complete necessary operations
Check for abnormal signs such as:
Unusual logins
Abnormal authorizations
Changes to withdrawal addresses or whitelist settings
Seek official support if necessary, reach out to our OKX Assistant
FAQ
1. After seeing a risk alert, I clicked “minimize.” Can I handle it later?
Yes, but this doesn’t count as handling. For high-risk alerts, it’s recommended to clean as soon as possible and pause sensitive operations first.
2. I’m worried about deleting the wrong thing. Can I ignore it first?
Yes, but remember: ignoring only means “no longer prompting,” not that the risk is gone.
Only ignore items whose sources you can confirm, and review the ignore list regularly.
3. What if the same risk keeps appearing repeatedly?
This is usually caused by leftover startup items, scheduled tasks, services, or reinfection.
Follow here for a thorough cleanup and perform a full disk scan.
4. If I delete something by mistake, can it be restored?
Yes. Click the status and restore it from the deleted process list.
What I should keep in mind?
When making deposits, withdrawals, or transfers, always verify that the address you enter or paste is correct.
If you notice anomalies, stop the transaction immediately and check device security.Trojans and clipboard tampering are common and persistent risk types.
If necessary, consider reinstalling the operating system or performing a factory reset, and seek help from security professionals.If you’re unsure whether a risk item can be safely deleted, prioritize:
“Stop loss first (switch to a trusted device) + investigate later (full scan, read descriptions, provide feedback).”