Crypto exchange giant OKX has slammed the brakes on its decentralized exchange (DEX) aggregator services, citing the need for urgent security upgrades. The suspension, announced March 17, 2025, comes after the notorious Lazarus Group tried to launder a cool $100 million through OKX’s platform. Not exactly subtle, guys.
The North Korean hacker collective has been on a tear lately. They’re fresh off a record-breaking $1.5 billion heist from Bybit on February 21, adding to their impressive $1.3 billion crypto haul from 2024 alone. The group has also published six new malicious packages to Node Package Manager (npm), designed to steal crypto credentials. These hackers aren’t playing around – they launched 47 attacks on crypto platforms in just the previous year. Talk about workplace productivity.
North Korea’s Lazarus Group is basically running the world’s most profitable hacking operation, with crypto exchanges as their personal ATMs.
OKX didn’t make this decision in a vacuum. They consulted with regulators before pulling the plug on their DEX aggregator. The company, which handles around $230 billion in monthly trading volume and holds about 8% of global spot trading market share, can’t afford to look like it’s helping bad actors clean their dirty money. Small businesses should take note, as zero trust architecture could help them avoid becoming part of the 60% that shut down within six months after experiencing a cyber attack.
Bloomberg’s reporting on the situation struck a nerve with OKX, which called the coverage “misleading.” The exchange insists it proactively froze funds linked to hackers and emphasized that it is just an aggregator, not a holder of the stolen assets. Classic “don’t shoot the messenger” defense.
While the DEX service sits in timeout, OKX’s wallet services remain available to existing users, though new wallet creation is restricted in certain markets. The centralized exchange operations continue unaffected. Small mercies.
OKX isn’t just sitting on its hands, either. It has rolled out a system to track hacker-linked addresses in real time, implemented IP blocking for prohibited markets, and partnered with blockchain explorers to ensure accurate transaction labeling. The company has also begun an internal review process to harden its DEX aggregator against future exploitation attempts.
The crypto world watches closely. If Lazarus can bypass these new security measures, other exchanges with flimsier defenses will likely become their next targets. The cat-and-mouse game continues, with billions at stake and regulators breathing down everyone’s necks.