OKX suspends DEX aggregator after Lazarus hackers try to launder funds

OKX Web3 has decided to suspend its DEX aggregator services to implement security upgrades following reports of abuse by the notorious North Korean Lazarus hackers, who recently conducted a $1.5 billion crypto heist.

OKX is a leading global cryptocurrency exchange that offers a wide range of trading options, including spot and derivatives trading and decentralized finance (DeFi) services.

As of December 2024, OKX held approximately 8.0% of the global spot trading market share among centralized exchanges, with a trading volume of around $230 billion/month, ranking as one of the top exchanges worldwide.

A Decentralized Exchange (DEX) aggregator is a platform that sources liquidity from multiple DEXs to provide users with the best possible trading prices and reduced slippage.

Following its record-breaking $1.5B Bybit crypto heist, the Lazarus group reportedly attempted to use OKX’s DEX to launder $100 million of the stolen cryptocurrency.

According to Bloomberg, this sparked investigations by regulators in the European Union. However, OKX refuted these claims, stating that they froze associated funds moving into the CEX and accused Bybit of spreading misinformation.

“Recently, we detected a coordinated effort by Lazarus group to misuse our defi services,” reads the announcement OKX published earlier today.

“At the same time, we’ve noticed an increase in competitive attacks aiming to undermine our work. Rather than shy away, we chose to take decisive action.”

Responding to the misuse

Today OKX confirmed that Lazarus has been consistently attempting to misuse its services, and some downtime will be required to implement adequate defenses to block this activity.

“After consulting with regulators, we made the proactive decision to temporarily suspend our DEX aggregator services. This move allows us to implement additional upgrades to prevent further misuse,” explained OKX.

The first measure is the launch of a system that can identify and track hacker-linked addresses on the Web3 DEX aggregator.

The second key measure is the real-time blocking of these addresses on the centralized exchange (CEX) to cut off Lazarus activity.

OKX says it’s working with blockchain explorers to ensure transactions are properly labeled, preventing confusion over trade origins and increasing security.

The cryptocurrency exchange platform seeks to enhance security, transparency, and regulatory compliance through these and other measures.

It remains to be seen if Lazarus will find ways to bypass those measures or if the North Korean hackers will move to other exchanges that don’t uphold high security standards.
