OKX Suspends DEX Aggregator After Lazarus Attack

OKX, a leading cryptocurrency exchange, has temporarily suspended its decentralized exchange (DEX) aggregator service following the detection of a coordinated attack by the North Korean hacking group, Lazarus. The suspension, announced on March 17, 2025, is aimed at addressing security concerns and implementing new measures to prevent further misuse of the platform's decentralized finance (DeFi) services.

The decision to pause the DEX aggregator service was driven by the need to fix incomplete tagging on blockchain explorers and to roll out enhanced security features. OKX stated that it had consulted with regulators before taking this step, highlighting its commitment to compliance and security. The exchange emphasized that while the DEX aggregator is paused, wallet services will remain available, although new wallet creation will be temporarily restricted in select markets.

OKX has already implemented several security improvements, including real-time tracking to stop malicious addresses on its centralized exchange and a hacker address detection system for its web3 DEX aggregator. These measures are part of a broader effort to ensure that the actual DEXs processing trades are accurately identified, rather than their aggregator. The platform is also collaborating with blockchain explorers to rectify incomplete labeling, further enhancing its security protocols.

The Lazarus Group, notorious for its sophisticated cyberattacks on cryptocurrency platforms, has been linked to multiple high-profile incidents. Notably, the group was involved in the February 21, 2025, hack of Bybit, resulting in the theft of $1.5 billion. In their latest wave of attacks targeting developers, the Lazarus Group has deployed six new malware packages on the Node Package Manager platform to steal credentials and wallet data. Additionally, the hackers have been using fake zoom calls to trick crypto founders into downloading malicious software.

Despite the temporary suspension, OKX has reassured users that its web3 service is purely a DEX aggregator and does not act as a custodian of user assets. The exchange is further strengthening its security by implementing real-time tracking systems to identify and block hacker addresses, ensuring that user funds remain secure. This proactive approach demonstrates OKX's dedication to maintaining the integrity and security of its platform in the face of evolving cyber threats.