OKX Halts DEX Aggregator Amid Lazarus Group Misuse and EU Regulatory Pressure

OKX, a prominent crypto exchange, has temporarily suspended its decentralized exchange (DEX) aggregator services. The decision, announced on Monday, comes in response to alleged misuse by the notorious Lazarus Group and mounting scrutiny from European Union regulators. This development follows reports that the aggregator was exploited to launder a portion of the $1.5 billion stolen in the devastating Bybit hack, one of the largest breaches in the history of centralized exchanges.

OKX stated that the suspension was a proactive step taken after consultations with regulatory authorities. The exchange emphasized its intent to bolster security measures, noting that the pause would allow time to implement upgrades aimed at preventing further exploitation.

In its official statement, OKX highlighted a detected effort by the Lazarus Group, a North Korean hacking collective, to misuse its decentralized finance (DeFi) services. The exchange also acknowledged an uptick in competitive attacks aimed at disrupting its operations, adding complexity to an already challenging situation. This dual pressure from criminal activity and regulatory oversight underscores the growing pains faced by platforms navigating the evolving crypto landscape.

The suspension aligns with recent reports which revealed that EU regulators had begun examining OKX’s decentralized trading and self-custody offerings. Sources suggest that the focus of the probe centers on whether these DeFi tools comply with the European Union’s Markets in Crypto Assets (MiCA) framework, a set of guidelines designed to regulate digital asset markets.

Wallet Services Continue with Limited Adjustments

Despite the aggregator’s suspension, OKX reassured users that its wallet services remain fully operational for existing customers. However, the exchange announced a temporary halt on new wallet creation in certain markets, a move likely intended to manage risk while addressing compliance demands.

This partial continuity reflects OKX’s effort to balance user access with the need to adapt to external pressures. In a separate post, the exchange clarified that these adjustments would not affect the majority of its customers, though it did not specify which regions would face restrictions.

The backdrop to OKX’s decision is the catastrophic Bybit hack last month, widely regarded as a watershed moment for centralized exchanges. Attributed to the North Korean Lazarus Group, the attack resulted in losses estimated at $1.5 billion, with Bybit CEO Ben Zhou revealing that approximately $100 million of the stolen funds flowed through OKX’s web3 proxy.

This revelation has intensified scrutiny on the interconnected nature of crypto platforms and their vulnerability to sophisticated cyber threats. For OKX, the incident has amplified the urgency of fortifying its infrastructure, particularly as regulators and competitors alike watch closely.