Crypto exchange OKX has temporarily halted its decentralized exchange (DEX) aggregator in response to security concerns and recent “attacks” targeting its platform.
The exchange announced the pause on Sunday, citing the need to address incomplete blockchain tagging and implement new security features to prevent misuse by malicious actors.
We are temporarily pausing our DEX aggregator to address incomplete tagging on blockchain explorers while we also roll out new security features. This is to address the recent coordinated attacks by media along with unsuccessful efforts by Lazarus group to misuse our DeFi… pic.twitter.com/r6oHNIaalT
— OKX (@okx) March 17, 2025
Blockchain tagging refers to the process of labeling transactions on a blockchain to accurately identify and track them on explorers.
“We detected a coordinated effort by Lazarus group to misuse our defi services,” the company said. “At the same time, we've noticed an increase in competitive attacks aiming to undermine our work.”
The move comes amidst scrutiny of OKX’s role in the alleged laundering of $100 million from the Bybit hack. OKX did not immediately respond to Decrypt’s request for comment.
In January, Bybit, one of the largest crypto exchanges, suffered a devastating hack in which nearly $1.5 billion in Ethereum (ETH) and ETH-related tokens were stolen, making it the largest hack in crypto history.
The hack was attributed to the Lazarus Group, a notorious North Korean hacking collective believed to be responsible for a string of high-profile cybercrimes.
Bybit CEO Ben Zhou recently pointed out that nearly $100 million, or 40,233 ETH, from the $1.5 billion hack had flowed through OKX’s Web3 platform, with a significant portion of the funds now lost and untraceable.
In a related development, Bloomberg reported on March 11 that regulators in the European Union are reportedly investigating OKX’s decentralized finance (DeFi) platform, questioning whether the exchange’s Web3 service is compliant with the EU’s Markets in Crypto-Assets (MiCA) regulation.
The report, citing people familiar with the matter, said the exchange’s Web3 service, which includes its wallet platform, may be used for illicit activities, prompting discussions among EU regulators about potential penalties.
OKX denied the allegations, refuting the claim that it is under investigation by European regulators and calling the report “misleading.”
“We urge our community to see these attacks for what they really are - deliberate attempts to mischaracterize our role and the value we bring to the ecosystem,” OKX said in the Sunday statement.
Haider Rafique, the company’s global CMO, called the accusations "preposterous," saying OKX had implemented measures to prevent the misuse of its services.
“We did the exact opposite,” Rafique noted. “We froze funds moving to our CEX and launched new features to detect/block hackers' addresses from using our DEX or wallet services.”
In light of the situation, OKX confirmed it had consulted with regulators and made the decision to pause its DEX aggregator services proactively.
OKX's recent troubles are compounded by a settlement with the U.S. Department of Justice (DOJ).
Last month, OKX’s affiliate, Aux Cayes FinTech Co. Ltd, agreed to pay over $500 million in penalties after pleading guilty to operating without a money transmitter license and failing to follow anti-money laundering laws.
The settlement stems from accusations that OKX facilitated illicit transactions, with the DOJ stating that OKX violated U.S. laws by actively seeking American customers.
Edited by Sebastian Sinclair
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.