Nikolas Sargeant
Crypto exchange OKX has temporarily halted its decentralized exchange aggregator services amid investigations into potential exploitation by the Lazarus hacking group.
Regulatory Pressure Mounts After Bybit Incident
Cryptocurrency exchange OKX has suspended its decentralized exchange (DEX) aggregator following detection of coordinated exploitation attempts by North Korea's Lazarus Group. The exchange announced the temporary shutdown on March 17, describing it as a "proactive decision" made after consulting with regulators to implement security upgrades and prevent further misuse of the platform.
The suspension comes as European financial authorities investigate allegations that OKX's Web3 platform facilitated money laundering connected to the recent Bybit hack. According to Bybit CEO Ben Zhou, approximately $100 million of the $1.5 billion stolen in that attack was allegedly channeled through OKX's Web3 proxy.
While DEX aggregator services are paused, OKX confirmed that most wallet functionalities will remain operational, though new wallet creation will be temporarily restricted in certain markets. The company has not provided a timeline for service restoration.
Security Enhancements Underway
In response to the allegations, OKX has implemented several new security measures, including a real-time hacker address detection system for its centralized exchange and improved blockchain explorer identification protocols. CEO Star Xu stated, "We already rolled out a lot of controls for OKX Web3 to combat misuse, including prohibited market IP blocking and real-time black address detection."
The exchange has vigorously defended itself against what it calls "targeted media attacks," emphasizing that its DEX aggregator functions primarily as a liquidity access point rather than a custodian of user assets. OKX maintains that when the Bybit hack occurred, it immediately froze related funds entering its centralized exchange and developed new security protocols.
Meanwhile, cross-chain DEX Chainflip is preparing its own protocol upgrade to prevent hackers from using its platform to launder assets stolen in the Bybit attack. The upcoming upgrade will introduce enhanced screening tools allowing broker operators to reject suspicious deposits of ETH and ERC-20 tokens.
