Crypto exchange OKX has officially relaunched its decentralized exchange (DEX) aggregator, OKX Web3, following a security pause in March aimed at halting misuse by the North Korean hacking collective, Lazarus Group.
In a May 4 statement posted to X, OKX CEO Star Xu announced that the aggregator is back online with several new protective measures, including a “real-time abuse detecting and blocking system.”
“OKX Web3 is a browser and search engine for blockchain,” Xu said, reaffirming the product’s role as a multi-DEX aggregator that consolidates trading data across decentralized platforms.
New Security Features Aim to Outpace Hackers
In its update, OKX said the revamped DEX aggregator includes enhanced tools to flag and block malicious onchain behavior.
“Our dynamic database of suspect addresses blocks hackers and bad actors in real time, while proactive alerts warn you about risky transactions,” the company said.
The aggregator is now supported by audits from CertiK, Hacken, and SlowMist, and its infrastructure has been stress-tested through a bug bounty program. It also features new wallet analysis tools that can label onchain addresses as “whales” or “snipers,” helping users navigate liquidity and trading threats.
Lazarus Group Exploit Prompted Temporary Shutdown
OKX initially paused its DEX aggregator on March 17, citing security concerns over the Lazarus Group’s attempts to exploit the platform. At the time, the exchange pledged to roll out improved tracking and blocking systems to prevent similar exploits.
Part of that commitment involved building a hacker address tracking system to monitor suspicious activity and blacklist addresses tied to bad actors.
Regulatory Scrutiny and Industry Fallout
The DEX aggregator’s return comes amid broader scrutiny. On March 11, Bloomberg reported that European regulators were investigating OKX’s DEX aggregator and wallet services for a possible role in laundering funds from the $1.4 billion Bybit hack in February.
OKX pushed back the same day, arguing that the swap function in its non-custodial wallet acts as an aggregator and does not hold user funds.Other platforms linked to the Lazarus Group’s laundering trail haven’t fared as well. On May 1, crypto exchange eXch announced its shutdown following reports it processed funds tied to the Bybit hack. Though it initially denied the allegations, the exchange later admitted to handling some of the illicit funds.
