OKX suspends DEX aggregator services amid Lazarus group threat

Written on Mar 17, 2025
  • OKX halts DEX aggregator amid Lazarus Group misuse attempts.
  • The exchange has added hacker detection and real-time tracking.
  • OKX wallets remain operational, though new wallet creation is restricted.

In a decisive move to safeguard its users and the broader cryptocurrency ecosystem, OKX has temporarily suspended its decentralized exchange (DEX) aggregator services.

The suspension follows the detection of an attempt by the notorious North Korean hacking group, the Lazarus Group, to misuse the aggregator services.

A DEX aggregator, for those unfamiliar, is a service that pools liquidity from multiple decentralized exchanges, enabling users to secure the best trading rates across various protocols.

The Lazarus Group, a state-sponsored hacking entity tied to North Korea, has earned a fearsome reputation for targeting cryptocurrency platforms.

Renowned for its sophisticated cyberattacks, the group was allegedly responsible for the staggering $1.5 billion hack of Bybit in February 2025.

Blockchain analytics firm Chainalysis reports that North Korean hackers pilfered over $1.3 billion in cryptocurrency through 47 attacks in 2024 alone.

This relentless wave of cybercrime underscores the escalating threat posed by such actors, making OKX’s rapid action both timely and essential.

Impact on users

While the suspension of DEX aggregator services may disrupt some users, OKX has reassured its community that wallet services remain fully operational.

That said, the creation of new wallets is temporarily limited in certain markets as a precautionary step.

Crucially, OKX stresses that its Web3 service operates solely as a DEX aggregator, not as a custodian of user assets.

This distinction minimizes the risk of large-scale theft, as user funds are not directly held by OKX, offering a layer of protection even amid heightened threats.

Notably, OKX’s choice to prioritize security over uninterrupted service sets a compelling precedent for the industry, emphasizing the necessity of vigilance in an increasingly perilous digital environment.

OKX’s proactive security measures

Besides the temporary suspension of the DEX aggregator services, OKX has introduced a suite of security enhancements to bolster its defenses in response to the attempted breach.

The exchange has deployed a hacker address detection system tailored for its Web3 DEX aggregator, a feature rolled out just days before the suspension.

Additionally, OKX has established real-time tracking to identify and block malicious addresses within its centralized exchange system.

These upgrades showcase OKX’s determination to outpace cybercriminals and shield its users from potential financial harm.

Beyond these technical fortifications, OKX is partnering with blockchain explorers to rectify incomplete trade labeling.

This collaboration ensures that the actual decentralized exchanges processing transactions are correctly identified, rather than the activity being mistakenly attributed to the aggregator.

By refining this transparency, OKX aims to prevent future misuse and maintain trust in its platform.