OKX suspends DEX aggregator to stop ‘further misuse’ by Lazarus
Crypto exchange OKX has temporarily paused its decentralized exchange aggregator to prevent “further misuse” by North Korean hacking collective Lazarus Group.
“Recently, we detected a coordinated effort by Lazarus group to misuse our defi services,” said OKX on March 17.
“After consulting with regulators, we made the proactive decision to temporarily suspend our DEX aggregator services. This move allows us to implement additional upgrades to prevent further misuse.”
The OKX helpdesk confirmed that the DEX aggregator was temporarily suspended for an “internal review and upgrade” but did not provide a timeline.
It added that crypto wallet services will remain available to all customers, but it will “pause new wallet creation in select markets during this time.”
Source: OKX
On March 11, Bloomberg reported that European Union financial watchdogs were investigating the firm’s DEX aggregator, called OKX Web3, and its wallet services for their alleged role in laundering funds from the Bybit hack.
“Over the past few days, we’ve faced targeted media attacks questioning our integrity and operations,” the firm stated in a blog post. It added that it “can’t ignore the fact that these attacks are happening at a time when we are actively fighting against financial crime.”
According to Bybit CEO Ben Zhou, nearly $100 million from the $1.5 billion Bybit hack had been laundered through OKX’s Web3 proxy, with a portion of the funds now untraceable.
OKX responded on March 11, stating that the “Bloomberg article is misleading,” saying that when Bybit got hacked, OKX reacted in two ways: by freezing associated funds from moving into its CEX, and developing the new hack detection features.
*Related: **Lazarus Group sends 400 ETH to Tornado Cash, deploys new malware*
OKX stated that the goal is to ensure that explorers properly highlight the actual DEX processing trades “rather than mistakenly identifying our aggregator as the point of trade.”
The exchange has already deployed a “hacker address detection system” for its DEX aggregator in addition to a system to track the hacker’s latest addresses and block them on its centralized exchange in real time.
“We already rolled out a lot of controls for OKX Web3 to fight with the misuse, including prohibited markets’ IP blocking and real-time black address detection and blocking system,” said OKX CEO Star Xu on March 17.
The firm also clarified that the OKX Web3 DEX aggregator is not a custodian of customer assets, adding that its function is to provide access to liquidity across multiple protocols. However, “some have deliberately misrepresented our platform,” it said.
*Magazine: **ETH may bottom at $1.6K, SEC delays multiple crypto ETFs, and more: Hodler’s Digest*