Cryptocurrency exchange, OKX, has temporarily stopped its decentralised exchange (DEX) aggregator service. The decision comes after the company discovered that the North Korean hacking group, Lazarus, was trying to misuse its platform.
European regulators are also investigating OKX over claims that its DEX aggregator was used to launder stolen crypto funds. The suspension will allow OKX to strengthen security measures and prevent further misuse.
On 17 March, OKX announced that it had detected a coordinated effort by the Lazarus Group to exploit its decentralised finance (DeFi) services. In response, the company decided to take proactive action by temporarily disabling its DEX aggregator.
“Recently, we detected a coordinated effort by Lazarus group to misuse our DeFi services”, OKX said. “After consulting with regulators, we made the proactive decision to temporarily suspend our DEX aggregator services. This move allows us to implement additional upgrades to prevent further misuse”, it added.
While the company did not provide an exact date for when the service would resume, it confirmed that crypto wallet services would still be available. However, new wallet creation will be temporarily paused in certain markets.
This suspension comes after reports that European regulators are investigating OKX’s Web3 services. According to a Bloomberg article published on 11 March, authorities are looking into claims that the platform was used to move stolen funds from the Bybit hack, one of the biggest crypto heists in recent history.
Bybit’s CEO, Ben Zhou, stated that around $100 million from the $1.5 billion hack had been laundered through OKX’s Web3 proxy. Some of these funds are now untraceable.
Denying allegations of money laundering
OKX has strongly denied accusations that it played a role in laundering stolen funds. The company described the claims as misleading and said they were part of a “targeted media attack” designed to damage its reputation.
“We can’t ignore the fact that these attacks are happening at a time when we are actively fighting against financial crime”, OKX stated in a blog post.
OKX explained that when Bybit was hacked, it immediately took action by first freezing the stolen funds. The exchange blocked any funds linked to the hack from moving into its centralised exchange (CEX).
It also strengthened its security measures by starting to work on new detection tools to prevent similar incidents in the future.
The exchange also criticised how its DEX aggregator has been portrayed in media reports. It argued that some articles have incorrectly suggested that its aggregator was responsible for processing illegal trades.
“Some have deliberately misrepresented our platform”, OKX said. The company clarified that the aggregator does not store user funds or process trades directly. Instead, it simply helps users find the best liquidity across multiple DeFi platforms.
OKX also mentioned that blockchain explorers have sometimes misidentified its aggregator as the main platform where transactions occur.
The company is now working on improvements to ensure that explorers correctly highlight the actual DEX where trades take place.
Increasing security to prevent future attacks
To prevent further misuse of its platform, OKX has rolled out new security measures. These include a hacker address detection system, a tool that would track and block hacker addresses in real-time on OKX’s CEX.
OKX has also introduced IP blocking for users in restricted regions for stronger restrictions for high-risk markets.
A blacklist for suspicious addresses have also been created where the company now has a system that updates and blocks hacker wallets before they can access OKX’s services.
“We already rolled out a lot of controls for OKX Web3 to combat misuse, including prohibited market IP blocking and real-time black address detection”, said OKX CEO, Star Xu, on 17 March.
Despite the challenges, OKX has assured its users that it remains committed to fighting financial crime and complying with regulations.
The temporary suspension of the DEX aggregator highlights the growing pressure on crypto exchanges to prevent illicit activities.
With more scrutiny from regulators, companies like OKX are being forced to improve their security measures and ensure that bad actors do not exploit their platforms.
A larger problem in the crypto industry
OKX is not the only platform dealing with security concerns. Other crypto exchanges and DeFi services are also taking steps to prevent hackers from misusing their platforms.
For example, Chainflip, a cross-chain DEX, is rolling out an upgrade to block hackers from using its services. The new 1.7.10 protocol upgrade will introduce better screening tools that allow operators to reject suspicious transactions.
Additionally, phishing scams targeting major crypto exchanges like Coinbase and Gemini have increased. Fraudsters are sending fake emails and SMS messages to users, pretending to be from these exchanges. These scams try to trick users into transferring their crypto to fake self-custody wallets controlled by hackers.
Coinbase has warned users about these scams, stating, “Never enter a recovery phrase given to you by someone else, even if they’re from Coinbase”.
The exchange has also reminded customers that it never makes unsolicited phone calls or asks users to transfer funds for security reasons.
OKX’s recent issues come at a time when regulators worldwide are increasing their focus on crypto exchanges.
European regulators are investigating whether OKX’s DeFi services violate the Markets in Crypto Assets (MiCA) guidelines. Meanwhile, the exchange is also facing legal challenges in the US.
Last month, OKX’s affiliate, Aux Cayes FinTech Co. Ltd, agreed to pay over $500 million in penalties to the US Department of Justice (DOJ). The company pleaded guilty to operating without a proper money transmitter license and failing to comply with anti-money laundering laws.
The DOJ stated that OKX actively sought American customers while failing to follow the necessary regulations.
OKX’s decision to suspend its DEX aggregator is a significant move in its fight against financial crime. While the investigation by European regulators is ongoing, OKX continues to defend itself against allegations of money laundering.
The exchange has made it clear that it does not process illegal trades and is committed to improving transparency. The company is now working on security upgrades to prevent future exploits by groups like Lazarus.
The Lazarus Group, which has also been blamed for the Bybit hack, is believed to be backed by North Korea. The country has built a large Bitcoin reserve, surpassing even crypto-friendly nations like El Salvador and Bhutan.
Following the Bybit hack, much of the stolen Ethereum was converted into Bitcoin. This increased North Korea’s Bitcoin holdings to 13,562 $BTC, worth over $1.14 billion.
Analysts believe that North Korea is using stolen Bitcoin to create a shadow reserve, allowing it to bypass financial sanctions and fund its operations.