Exchange Takes Action to Prevent Further Misuse by Lazarus Group
Crypto exchange OKX has temporarily suspended its decentralized exchange (DEX) aggregator to prevent its misuse by North Korea’s state-backed hacking group, Lazarus.
OKX announced the decision on March 17, stating, “Recently, we detected a coordinated effort by Lazarus Group to misuse our DeFi services.” The company consulted with regulators before proactively pausing the DEX aggregator to implement security upgrades.
OKX Suspends DEX Aggregator for Review
The OKX helpdesk confirmed that the suspension is part of an “internal review and upgrade” but did not specify when the service would resume. Despite the pause, the exchange assured users that crypto wallet services remain available. However, it will temporarily halt new wallet creation in certain regions.
The decision follows reports that European Union regulators are investigating OKX’s DEX aggregator and wallet services for allegedly facilitating fund laundering from the Bybit hack. On March 11, Bloomberg reported that approximately $100 million from the $1.5 billion Bybit exploit was funneled through OKX’s Web3 proxy, with some funds now untraceable.
OKX Responds to Allegations
OKX has pushed back against accusations, calling the Bloomberg report “misleading.” The exchange explained that after the Bybit hack, it responded by freezing associated funds from entering its centralized exchange (CEX) and developing new security features to detect hacks.
To enhance security, OKX has deployed a hacker address detection system for its DEX aggregator. This includes real-time tracking of hacker-linked addresses, which are blocked from interacting with its CEX.
“We have implemented extensive measures to prevent misuse, including blocking IP addresses from restricted markets and rolling out a real-time black address detection and blocking system,” said OKX CEO Star Xu on March 17.
OKX Clarifies DEX Aggregator’s Role
OKX emphasized that its Web3 DEX aggregator is not a custodian of user assets but simply a tool that connects traders to liquidity across multiple protocols. The company stated that some entities have “deliberately misrepresented” the platform’s role.
Moving forward, OKX plans to improve transparency in DEX trade tracking, ensuring explorers correctly attribute transactions to their respective platforms rather than mistakenly linking them to the aggregator.
