Crypto exchange OKX has temporarily halted its decentralized exchange aggregator to prevent “further exploitation” by the North Korean hacking group Lazarus.
“Recently, we identified a deliberate attempt by the Lazarus group to misuse our DeFi services,” the exchange reported on March 17.
“After discussions with regulators, we proactively decided to pause our DEX aggregator services. This pause allows us to implement further enhancements to safeguard against misuse.”
The helpdesk confirmed that the DEX aggregator would remain suspended for an “internal review and upgrade” but did not disclose a timeline for when services would be restored.
However, it stated that crypto wallet services would still be accessible to all users, although new wallet creation would be put on hold in certain markets during this period.
Earlier reports indicated that financial authorities in the European Union were investigating the company’s DEX aggregator and wallet services for their alleged involvement in laundering funds from the Bybit hack.
“In recent days, we have encountered targeted media scrutiny questioning our integrity and operational practices,” the firm noted in a blog post. They emphasized that they “cannot overlook the timing of these attacks, particularly as we vigorously combat financial crime.”
According to the CEO of Bybit, nearly $100 million from the $1.5 billion hack was laundered through OKX’s Web3 proxy, with a portion of the money becoming untraceable.
In response to the claims, the firm stated that the “report was misleading,” asserting that following the Bybit hack, they took swift action to freeze any related funds to prevent their transfer to the centralized exchange and initiated the creation of new hack detection features.
The goal is to ensure that explorers accurately identify the true DEX processing trades, rather than misidentifying their aggregator as the direct point of trade.
The exchange has already implemented a “hacker address detection system” for its DEX aggregator, along with a system designed to monitor and block the latest addresses used by hackers in real time on the centralized exchange.
“Significant controls have been introduced for OKX Web3 to combat misuse, including blocking IPs from prohibited markets and real-time detection and blocking of blacklisted addresses,” the CEO stated on March 17.
The firm further clarified that the OKX Web3 DEX aggregator does not hold customer assets, adding that its purpose is to facilitate access to liquidity across various protocols, although it noted that “some have intentionally misrepresented” its platform.