OKX has temporarily suspended its decentralized exchange (DEX) aggregator service following the discovery of an attempted attack by North Korea’s notorious Lazarus Group. The crypto exchange announced the decision on March 17, citing security concerns and the need to correct incomplete tagging on blockchain explorers.
According to an official statement, OKX detected a coordinated effort by Lazarus Group to exploit its DeFi services. Additionally, the exchange reported an increase in competitive attacks attempting to undermine its operations. In response, OKX is rolling out advanced security measures to prevent further misuse.
“We recently detected a coordinated effort by Lazarus Group to misuse our DeFi services. At the same time, we’ve noticed an increase in competitive attacks aiming to undermine our work,” OKX stated in its blog post. The company also confirmed that it consulted regulators before making this decision.
Wallet Services Remain Active Amid DEX Aggregator Suspension
While the DEX aggregator is temporarily paused, wallet services remain available. However, new wallet creation is currently restricted in select markets. OKX has already implemented several security enhancements, including real-time tracking systems to prevent malicious addresses from operating on its centralized exchange. Additionally, the platform has introduced a hacker address detection system for its web3 DEX aggregator.
OKX is also collaborating with blockchain explorers to improve labeling accuracy. This initiative aims to ensure that explorers identify the actual DEXs processing trades rather than the aggregator, reducing the risk of exploitation by cybercriminals.
We are temporarily pausing our DEX aggregator to address incomplete tagging on blockchain explorers while we also roll out new security features. This is to address the recent coordinated attacks by media along with unsuccessful efforts by Lazarus group to misuse our DeFi…
— OKX (@okx) March 17, 2025
Lazarus Group’s Ongoing Crypto Attacks
The Lazarus Group, a state-backed hacking organization from North Korea, has been linked to multiple cyberattacks on cryptocurrency platforms. The group was responsible for the massive $1.5 billion Bybit hack on February 21. In a recent surge of attacks, Lazarus deployed six new malware packages on the Node Package Manager (NPM) platform to steal credentials and wallet data from developers.
The hackers have also been using fake Zoom calls to deceive crypto founders into downloading malicious software. According to blockchain analytics firm Chainalysis, North Korean hackers stole over $1.3 billion in cryptocurrency across 47 attacks in 2024—more than double the amount stolen the previous year.