OKX Suspends DEX Aggregator After Lazarus Group Attack

Cryptocurrency exchange OKX has announced the temporary suspension of its decentralized exchange (DEX) aggregator in response to a series of targeted attacks and an attempt by the Lazarus Group to exploit its platform. This move comes after the $1.5 billion hack on Bybit, which drew regulatory attention to OKX's platform due to concerns about its potential use for money laundering.

In a statement released on March 17, OKX revealed that the Lazarus Group, a notorious North Korean hacking organization, had conducted a "coordinated effort" to misuse its DeFi services. This prompted the company to take decisive action, including the temporary suspension of its DEX aggregator services, after consulting with regulators. The Lazarus Group is known for using DeFi platforms to launder stolen funds, as these platforms often allow transactions without strict Know Your Customer (KYC) requirements.

OKX clarified that the suspension is intended to implement additional upgrades to prevent further misuse. The company is also working with blockchain explorers to correct what it describes as "incomplete labeling," where its aggregator was mistakenly identified as the point of trade, rather than the underlying DEX. OKX Web3 operates as a DEX aggregator, facilitating trades across multiple decentralized exchanges, and does not hold custody of user funds. The firm's role is to provide access to liquidity across multiple protocols, offering users the most efficient peer-to-peer trading experience possible.

In response to the Lazarus Group's activities, OKX has launched a "hacker address detection system" for its DEX aggregator and a system to track and block hacker addresses across its centralized exchange (CEX) platform in real-time. The company alleges that some parties have deliberately misrepresented their Web3 platform, which they believe undermines both the company and the digital asset sector. OKX has pledged to continue innovating and advocating for a more transparent and responsible digital asset space, promising further updates in the near future.

Following the Bybit attack, OKX, along with other crypto firms, publicly voiced support for the exchange. However, OKX has been under scrutiny for allegations that its Web3 services were used to launder stolen funds from the Bybit hack. Regulators are investigating whether OKX’s Web3 service falls under the EU’s new Markets in Crypto Assets (MiCA) regulations. The Lazarus Group allegedly used the service to transfer stolen funds across various exchanges and blockchains.

In response to the investigation, Haider Rafique, OKX’s Chief Marketing Officer, stated that the claims were misleading. The company maintains that its Web3 service operates similarly to other self-custody wallets and exchange aggregators in the industry. Rafique also noted that OKX froze funds associated with the Bybit hack that entered its CEX and developed new security measures to detect and block malicious addresses. The exchange cooperated with law enforcement and Bybit’s legal team to provide technical support to track hackers’ wallet addresses in real-time.