Cryptocurrency exchange OKX has temporarily suspended its decentralized exchange (DEX) aggregator service following allegations that North Korea’s state-sponsored Lazarus Group exploited it to launder funds stolen from the recent Bybit hack. The hackers later converted a substantial portion of the stolen assets into Bitcoin, with blockchain analysis revealing that $100 million was laundered through OKX’s Web3 DEX aggregator. However, critics argue that the lack of clear labeling on blockchain explorers obscured the true DEXs involved in transactions, enabling Lazarus to obscure the fund trail. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Bybit CEO Ben Zhou confirmed the laundering route, stating that OKX’s aggregator played a critical role in moving funds through decentralized protocols like THORChain and ExCH. We are temporarily pausing our DEX aggregator to address incomplete tagging on blockchain explorers while we also roll out new security features. In response to the allegations, OKX has implemented real-time hacker address detection systems to block malicious actors on its centralized exchange (CEX) and DEX aggregator. The suspension, announced on March 17, 2025, coincides with heightened regulatory scrutiny and efforts to enhance platform security. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. The platform also introduced IP blocking for prohibited markets and collaborated with blockchain explorers to correct transaction labeling inaccuracies. The Lazarus Group’s use of chain-hopping (converting assets across blockchains) and privacy mixers further complicates tracking, with only 3% of the stolen funds frozen to date. As exchanges like OKX refine their defenses, the broader industry must address systemic vulnerabilities in DEXs and aggregators to prevent future misuse.
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 18 Mar 2025 10:20:13 +0000