Following the discovery of an attempted attack by North Korea’s Lazarus Group, OKX has temporarily suspended its decentralized exchange aggregator service. The exchange made the announcement on Mar.17, citing security issues and the need to fix incomplete tagging on blockchain explorers. According to their official statement, the suspension will allow OKX DEX aggregator to roll out new security measures to prevent further misuse. “Recently, we detected a coordinated effort by Lazarus Group to misuse our DeFi services. At the same time, we’ve noticed an increase in competitive attacks aiming to undermine our work,” OKX stated in its blog post. The exchange added that it consulted regulators before taking this step. We are temporarily pausing our DEX aggregator to address incomplete tagging on blockchain explorers while we also roll out new security features. This is to address the recent coordinated attacks by media along with unsuccessful efforts by Lazarus group to misuse our DeFi… pic.twitter.com/r6oHNIaalT — OKX (@okx) March 17, 2025 While the DEX aggregator is paused, wallet services remain available, though new wallet creation is temporarily restricted in select markets. OKX has already implemented a number of security improvements, such as real-time tracking to stop malicious addresses in its centralized exchange and a hacker address detection system for its web3 DEX aggregator. You might also like: OKX acquires MiFID II license in Europe In order to ensure that the actual DEXs processing trades are identified rather than their aggregator, the platform also stated that it is collaborating with blockchain explorers to rectify incomplete labeling. Despite the temporary suspension, OKX stressed that its web3 service is only a DEX aggregator and not a custodian of user assets. The exchange is further strengthening its security by implementing real-time tracking systems to identify and block hacker addresses. The Lazarus Group has been linked to multiple cyberattacks targeting cryptocurrency platforms, including the Feb. 21 $1.5 billion Bybit hack . In their latest wave of attacks targetting developers, the group has deployed six new malware packages on the Node Package Manager platform to steal credentials and wallet data. The hackers have also been using fake Zoom calls to trick crypto founders into downloading malicious software. Over $1.3 billion worth of cryptocurrency was stolen by North Korean hackers in 47 attacks in 2024, more than doubling the amount stolen the year before, according to Chainalysis. Read more: GENIUS Act to set stablecoin rules, Circle celebrates: Is Tether’s compliance headache just beginning?
