News

OKX to relaunch DEX with anti-abuse measures after Lazarus attack

Published

3 weeks ago

May 5, 2025

OKX relaunches DEX with anti-abuse features to prevent Lazarus Group attacks, adding real-time detection and blocking, enhancing security against threats.

OKX plans to relaunch its decentralized exchange (DEX), incorporating anti-abuse features following reported misuse by the Lazarus Group.

OKX has integrated advanced detection protocols into its re-launched DEX aggregator to identify potentially malicious on-chain transactions from threat actors.

OKX Web3’s DEX aggregator will relaunch with improved capabilities like a “real-time abuse detection and blocking system,” according to a May 4 announcement by founder and CEO Star Xu on X.

A decentralized exchange (DEX) aggregator is a tool that strives to provide users with optimal trading conditions by pooling liquidity from various decentralized exchanges.

Xu says, “OKX Web3 is Chrome and search engine to blockchain.”

The May 5 update from OKX confirmed that the company has introduced new security mechanisms to help spot and prevent fraudulent or suspicious activity on the blockchain from hackers and other bad actors.

OKX DEX will restart today with realtime abuse detecting and blocking system. OKX Web3 is Chrome and search engine to blockchain. Base on our understanding of onchain data, we help customers access to hundreds chains realtime data, manage multiple chains’ asset and engage with…
— Star (@star_okx) May 5, 2025

“Our dynamic database of suspect addresses blocks hackers and bad actors real-time, while proactive alerts warn you about risky transactions,” the exchange said.

“We’re audited and verified by leading blockchain security firms like CertiK, Hacken and SlowMist, and infrastructure tested through our bug bounty program.”

The on-chain analysis tool now includes a feature that categorizes wallet holders, flagging them as potential whales or snipers.

To stop further exploitation by North Korea’s Lazarus Group, OKX suspended its DEX aggregator on March 17 and promised to roll out upgrades to prevent such incidents in the future.

Additionally, the exchange noted that it is developing a hacker address system to track and block addresses linked to bad actors.

In a March 11 report, Bloomberg claimed that financial watchdogs in the European Union were probing the company’s DEX aggregator and wallet services, suspecting their involvement in laundering funds from the $1.4 billion Bybit hack in February.

Responding on the same day, OKX refuted Bloomberg’s claims, clarifying that the self-custody wallet service’s swap feature is an aggregator, not a custodian of customer funds.

The Lazarus Group’s hack has extended to other crypto services, with eXch, a crypto exchange, confirming its closure on May 1 after reports that it had been used to launder funds from the hack.

At first, the exchange denied the reports from crypto sleuths who accused it of laundering digital assets on behalf of the Lazarus Group.

Later, the exchange admitted to processing funds linked to the February hack.