In light of an attempted attack attributed to North Korea’s Lazarus Group, OKX has decided to temporarily halt its decentralized exchange aggregator service.
The exchange shared this announcement on March 17, citing security concerns and the need to address incomplete tagging on blockchain explorers. According to its official statement, the pause will allow it to implement new security measures to prevent further abuse of its platform.
“Recently, we uncovered a coordinated effort by the Lazarus Group to exploit our DeFi services. At the same time, we’ve been observing an uptick in competitive attacks intended to disrupt our operations,” the exchange noted in a blog post. It also mentioned that they consulted with regulatory bodies prior to making this decision.
While the DEX aggregator service is on hold, wallet services will continue to operate, although the creation of new wallets is temporarily limited in specific markets. OKX has already rolled out several security enhancements, including real-time monitoring to block malicious addresses on its centralized exchange and a hacker detection system for its web3 DEX aggregator.
The platform is also working with blockchain explorers to correct incomplete labeling, so that the DEXs that actually process trades are identified rather than the aggregator.
Even with this temporary suspension, OKX emphasized that its web3 service functions solely as a DEX aggregator and does not hold users’ assets. The exchange is bolstering its security protocols by establishing real-time tracking systems designed to identify and thwart hacker addresses.
The Lazarus Group has been connected to various cyberattacks targeting cryptocurrency exchanges, including the $1.5 billion hack of Bybit on February 21. In its latest series of attacks against developers, the group has published six new malicious packages to the npm (Node Package Manager) registry, aimed at stealing credentials and wallet information.
Additionally, the hackers have utilized fake Zoom calls to trick cryptocurrency founders into downloading malicious software. In 2024 alone, North Korean cybercriminals stole over $1.3 billion worth of cryptocurrency across 47 attacks, which is more than double the amount pilfered the previous year, as reported by Chainalysis.