Following the discovery of an attempted attack by the North Korean Lazarus group, OKX temporarily halted its decentralized exchange aggregator service.
The exchange was announced on March 17th, citing security issues and the need to fix incomplete tagging in Blockchain Explorer. According to their official statement, the suspension allows OKX Dex aggregators to deploy new security measures to prevent further misuse.
“We recently detected coordinated efforts by the Lazarus Group to exploit defi services. At the same time, we noticed an increase in competitive attacks aimed at undermining our work,” OKX said in a blog post. Exchange added that it consulted regulators before taking this step.
Dex Aggregator is suspended, but the wallet service is still available, but creating a new wallet is temporarily selected. OKX has already implemented many security improvements, including real-time tracking that shuts down malicious addresses in centralized exchanges, and Web3 Dex Aggregator hacker address detection system.
The platform also said it is working with Blockchain Explorer to fix incomplete labeling to ensure that actual DEXS processing transactions are identified rather than aggregators.
Despite the temporary suspension, OKX emphasized that its Web3 service is a DEX aggregator and not a custodian of user assets. Exchanges further enhance security by implementing real-time tracking systems to identify and block hacker addresses.
The Lazarus group is linked to multiple cyberattacks targeting cryptocurrency platforms, including the $1.5 billion Bybit Hack on February 21. In the latest wave of attacks targeting developers, the group deployed six new malware packages on the Node Package Manager platform, stealing credentials and wallet data.
Hackers are also using fake zoom calls to trick Crypto's founder and download malicious software. More than $1.3 billion in cryptocurrency was stolen by North Korean hackers in 47 attacks in 2024, according to chain dialysis.