OKX Halts DEX Aggregator Following Lazarus Group Exploits

March 17, 2025

  • OKX temporarily halts its DEX aggregator following Lazarus Group’s coordinated exploit attempts to misuse its DeFi services.
  • The exchange suspends services to implement enhanced security measures, though crypto wallet functions remain operational.
  • The move comes amid EU scrutiny over OKX’s alleged role in the laundering of funds linked to the $1.5B Bybit hack.

Crypto exchange OKX has made a drastic move in its ongoing fight against cyber attacks, temporarily suspending its decentralized exchange (DEX) aggregator services to prevent further exploitation by the infamous North Korean hacking group, Lazarus Group.

On March 17, OKX announced that it had discovered a coordinated attempt by Lazarus Group to exploit its decentralized finance (DeFi) services. In response, after consulting with regulatory authorities, the exchange took the proactive measure of shutting down its DEX aggregator to add more security measures.

We are temporarily pausing our DEX aggregator to address incomplete tagging on blockchain explorers while we also roll out new security features. This is to address the recent coordinated attacks by media along with unsuccessful efforts by Lazarus group to misuse our DeFi… pic.twitter.com/r6oHNIaalT

— OKX (@okx) March 17, 2025

“Recently, we detected a coordinated effort by Lazarus Group to misuse our DeFi services,” OKX stated. “After consulting with regulators, we made the proactive decision to temporarily suspend our DEX aggregator services. This move allows us to implement additional upgrades to prevent further misuse.”

While the exchange has not provided a timeline for when the aggregator will come back online, it assured users that its crypto wallet services will remain fully operational. However, it said that new wallet creation would be temporarily halted in some markets as an additional precaution.

$1.5B Bybit Hack Ties Put OKX Under EU Scrutiny

The suspension follows reports from Bloomberg on March 11, which claimed that European Union financial regulators were investigating OKX’s DEX aggregator, the Exchange Web3, and its wallet services for allegedly facilitating the laundering of funds linked to the Bybit hack. The breach, which resulted in a $1.5 billion loss for Bybit, saw nearly $100 million allegedly funneled through OKX’s Web3 proxy before a portion of the funds became untraceable, according to Bybit CEO Ben Zhou. 

The Exchange pushed back against these allegations, calling Bloomberg’s report “misleading” and emphasizing that the firm had responded swiftly to the Bybit hack. The exchange stated that it froze any compromised funds entering its centralized exchange (CEX) and simultaneously developed advanced hack detection tools to prevent similar incidents in the future.

The Bloomberg article is misleading. Like all other major crypto exchanges, OKX provides a self-custody wallet service/swap feature that serves as an aggregator to create efficiency for the users. When Bybit got hacked, we reacted in two ways. (1) We froze associated funds moving… https://t.co/HUUmA8W2eq

— OKX (@okx) March 11, 2025

“Over the past few days, we’ve faced targeted media attacks questioning our integrity and operations,” OKX wrote in a blog post. “We can’t ignore the fact that these attacks are happening at a time when we are actively fighting against financial crime.”

OKX Strengthens Web3 DEX Security

The Exchange has since introduced a set of enhanced security features for its Web3 DEX aggregator. These include a hacker address detection system, which enables it to track and block the latest addresses associated with cybercrime in real time. The company has also introduced IP blocking for banned markets to prevent malicious actors from accessing its platform.

“We already rolled out a lot of controls for OKX Web3 to fight misuse, including prohibited markets’ IP blocking and a real-time black address detection and blocking system,” OKX CEO Star Xu stated on March 17.

We already rolled out a lot of controls for OKX Web3 to fight with the misuse including prohibited markets' ip blocking and real-time black address detection and blocking system. We will continue working hard to build the industry control standards with our global partners.

I… https://t.co/9Ct4odJxDF

— Star (@star_okx) March 17, 2025

The Exchange also made it clear that its DEX aggregator is not a custodian of user assets but merely provides access to liquidity on several protocols. That said, it added that some parties have knowingly misrepresented their position in the ecosystem.

As the crypto industry is increasingly endangered by state-sponsored cybercriminals, OKX’s deactivation of its DEX aggregator sends a strong message against illicit activity. The exchange remains committed to strengthening security and working closely with regulators to ensure that its platform remains resilient to financial crime.

Though the temporary downtime will cause some disruption, users of the Exchange can look forward to a more resilient and secure DEX aggregator when services resume. The battle against crypto-cyber threats is far from over, but OKX’s proactive stance sets an example for how exchanges must deal with evolving security threats.
