OKX, one of the world’s largest cryptocurrency exchanges, has temporarily suspended its DEX aggregator services as it moves to bolster defenses against sophisticated cyberattacks linked to North Korea’s notorious Lazarus Group.
The decision comes after reports revealed that Lazarus was attempting to launder part of its record-breaking $1.5 billion crypto heist through OKX’s decentralized finance (DeFi) channels. While OKX refuted some of the claims circulating in the media, the company acknowledged facing a coordinated effort by hackers to exploit its services.
Known for providing advanced crypto trading options—from spot and derivatives to DeFi—OKX handles billions in monthly trading volume. By the end of 2024, it commanded nearly 8% of the global spot trading market, processing an impressive $230 billion per month. Its DEX aggregator plays a crucial role in helping users access the best prices by pooling liquidity from multiple decentralized exchanges, reducing slippage during trades.
Reports surfaced that following the Bybit hack, where Lazarus allegedly stole $1.5 billion worth of crypto, the group attempted to funnel $100 million of the stolen assets through OKX’s DEX aggregator. This triggered regulatory interest, particularly from European Union authorities. However, OKX pushed back, accusing Bybit of spreading misinformation and clarifying that it froze suspicious funds moving into its centralized exchange (CEX).
“Recently, we detected a coordinated effort by Lazarus to misuse our DeFi services,” OKX shared in a statement. “At the same time, we’ve observed competitive attacks aimed at undermining our work. Rather than shy away, we’ve chosen decisive action.”
OKX Strengthening Defenses Against Crypto Laundering
OKX’s response was swift. After consulting with global regulators, the exchange decided to suspend its DEX aggregator temporarily. This pause allows the company to roll out critical security upgrades designed to prevent future misuse by bad actors like Lazarus.
“We’ve proactively suspended DEX aggregator services to enhance our defenses. This will give us time to implement upgrades aimed at stopping these coordinated attacks,” an OKX spokesperson confirmed.
Among the first new security measures is a system capable of tracking hacker-linked wallet addresses across the DEX aggregator. Simultaneously, OKX is setting up real-time blocking protocols to prevent these flagged addresses from accessing their centralized exchange.
Additionally, OKX is partnering with blockchain explorers to improve transaction transparency. By properly labeling transactions, they aim to prevent confusion about where trades originate—helping both users and regulators distinguish legitimate trades from potential laundering attempts.
OKX’s latest move signals a growing shift in the crypto industry, where exchanges are expected to balance decentralization with compliance and security. By taking these steps, OKX hopes to strengthen not just its own defenses but set an example for how exchanges should react when facing state-sponsored hacking groups like Lazarus.
With cybercriminals constantly adapting, only time will tell if Lazarus will find new ways to bypass these security layers—or if they’ll be forced to look elsewhere for laundering their stolen crypto. For now, OKX is making it clear that protecting its platform, users, and the integrity of the crypto market is its top priority.
