OKX Suspends DEX Aggregator After North Korean Hacking Attempt

On March 17, OKX, a leading cryptocurrency exchange, announced the temporary suspension of its decentralized exchange (DEX) aggregator service. This decision was prompted by the detection of an attempt by the North Korean hacking group Lazarus to exploit the service. The move highlights the ongoing threat posed by advanced cybercriminals to the rapidly evolving decentralized finance (DeFi) landscape.

OKX clarified that while the DEX aggregator is paused, wallet services will continue to be available to customers. However, the creation of new wallets will be temporarily halted in certain markets. The exchange has implemented several security measures to mitigate the threat, including a newly launched system for its Web3 DEX aggregator designed to identify known hacker addresses and a real-time system to track and block the latest hacker addresses within its centralized exchange (CEX) system.

In a statement to its community, OKX acknowledged the incident and framed it within a broader context of targeted media and competitive attacks aimed at undermining the exchange’s operations. The exchange emphasized its commitment to transparency and collaboration, stating that it is working closely with blockchain explorers to correct incomplete labeling. The goal is to ensure that blockchain explorers accurately identify the actual DEX processing trades, rather than mistakenly attributing them to the OKX aggregator. This distinction is crucial for maintaining clarity and accountability within the DeFi ecosystem.

OKX clarified its role as a DEX aggregator, not a custodian of customer assets. The exchange stated that its role is to provide access to liquidity across multiple protocols, offering users the most efficient peer-to-peer trading experience possible. OKX CEO Star Xu further elaborated on the nature of the DEX aggregator service, comparing it to software and service providers in the traditional internet industry. Star Xu stated that OKX DEX aggregators do not touch or store customer’s private keys, nor do they custody customer’s funds. Whatever transaction a customer wants to make, they should use their private key to sign and execute the transaction. OKX web3 has no capability to execute any transaction/trade. Star Xu also highlighted the proactive measures taken by OKX Web3, including prohibited markets’ IP blocking and real-time black address detection and blocking system. He pledged to continue working hard to build industry control standards with global partners.

While OKX has taken swift action to address the security vulnerabilities, the exchange has not yet provided a timeline for the resumption of its DEX aggregator service. The duration of the suspension remains uncertain, pending the completion of the security upgrades and any further consultations with regulators. This uncertainty underscores the complexity of the situation and the thoroughness with which OKX is approaching the issue.