OKX DEX suddenly suspended services: How did the hackers launder money?


OKX aims to be the "on-chain Google," becoming the infrastructure for the entire Web3 industry, and will integrate and balance compliance measures, technical services, and user experience.

Written by: Yue Xiaoyu

If it were a normal service upgrade, there would definitely have been prior notification to avoid user panic.

More importantly, products are generally not upgraded by pausing services. OKX DEX is known to have an average daily trading volume of over $200 million, so a pause has a significant impact.

All of this points to a reasonable explanation: due to regulatory pressure, the DEX service was urgently suspended.

Previously, North Korean hackers had used it to launder nearly $100 million stolen from Bybit, so regulatory scrutiny suddenly turned to OKX DEX.

Information asymmetry causes user panic; trust comes from transparency.

This article aims to explain the principles behind OKX DEX. Only by understanding these principles can users have a clearer understanding of OKX DEX, thus avoiding excessive interpretation and worry.

1. First, let's answer the question: Can OKX DEX really be used for money laundering?

OKX DEX is essentially a trading aggregator that uses a smart order-splitting algorithm to help users find the optimal trading path.

For users, this is a very useful tool, but if exploited by criminals, it can also pose risks.

Let's take a look at the principles of OKX DEX's X Routing algorithm:

(1) Scanning liquidity sources: Obtaining real-time liquidity data from multiple DEXs (such as Uniswap, Curve, etc.) and cross-chain bridges.

(2) Optimizing trading paths: Calculating the optimal trading route based on price, slippage, and gas fees.

(3) Splitting orders: Breaking large trades into multiple smaller trades, distributing them across different liquidity pools or paths to reduce market impact and achieve the best execution price.

(4) Executing in one go: Completing all split sub-orders through a single blockchain transaction, ensuring atomicity (i.e., either all succeed or all fail).
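The four steps above, as an added example (a simplified model written for this page, not OKX's X Routing code): a greedy splitter over constant-product pools with all-or-nothing settlement. The pool names, reserves, the 0.3% fee and the function names are constructed assumptions.

```python
from dataclasses import dataclass

FEE = 0.003  # assumed 0.3% swap fee per pool


@dataclass
class Pool:
    name: str
    reserve_in: float    # reserve of the token being sold (e.g. ETH)
    reserve_out: float   # reserve of the token being bought (e.g. USDT)

    def quote(self, amount_in: float) -> float:
        """Constant-product (x*y=k) output for amount_in, after the fee."""
        eff = amount_in * (1 - FEE)
        return self.reserve_out * eff / (self.reserve_in + eff)


# Step 1: constructed liquidity snapshot (not real pool data)
POOLS = [
    Pool("pool_a", 1000.0, 2_000_000.0),
    Pool("pool_b", 500.0, 1_005_000.0),
    Pool("pool_c", 200.0, 398_000.0),
]


def split_order(pools, amount_in, chunks=100):
    """Steps 2-3: give each chunk to the pool with the best marginal output."""
    alloc = {p.name: 0.0 for p in pools}
    step = amount_in / chunks
    for _ in range(chunks):
        best = max(
            pools,
            key=lambda p: p.quote(alloc[p.name] + step) - p.quote(alloc[p.name]),
        )
        alloc[best.name] += step
    return alloc


def execute_atomic(pools, alloc, min_out):
    """Step 4: every sub-order settles, or the whole trade reverts."""
    total = sum(p.quote(alloc[p.name]) for p in pools)
    if total < min_out:
        raise RuntimeError("revert: output below min_out, no sub-order applied")
    return total
```

Because each pool's price worsens as more is sold into it, the split fills all three pools and returns more than sending the full 100 units through the single best pool.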

We can see that the above design is very efficient, but these features can indeed be exploited by hackers.

2. How do hackers launder money?

Money laundering generally consists of three stages: Placement, Layering, and Integration.

The smart order-splitting algorithm of OKX DEX is most likely to be exploited in the "Layering" stage.

The smart order-splitting algorithm automatically splits large trades into multiple smaller orders, distributing them across different liquidity pools and blockchain networks, such as from Ethereum to Polygon or Arbitrum.

This dispersion increases the difficulty of blockchain analysis because funds are divided into multiple small trades, scattered across different addresses and networks, making it complex to track the complete flow of funds.

More critically, with an average daily trading volume exceeding $200 million, OKX DEX provides a natural "noise" environment.

Hackers can mix illegal funds into the flow of legitimate transactions, with small trades generated by the smart order-splitting algorithm mingling with normal transactions from other users, reducing the risk of detection.

Additionally, hackers can create multiple anonymous wallet addresses, inputting illegal funds in batches, and after processing through the smart order-splitting algorithm, outputting to new addresses, forming a multi-layer "cleaning" effect.

Through this method, North Korean hackers may have split $100 million into hundreds of small orders (e.g., a few thousand dollars each), converting through ETH to USDT and then to other tokens multiple times, ultimately outputting to clean addresses, appearing as normal on-chain operations.

3. What preventive or countermeasures does OKX have?

Everything on-chain is traceable; there are always clues to be found, and the core issue is time.

Therefore, what OKX can do is efficient monitoring and timely blocking.

When Bybit mentioned that North Korean hackers might use OKX DEX for money laundering, OKX founder Star directly responded that OKX DEX has deployed a real-time monitoring system capable of identifying and intercepting wallet addresses that have been blacklisted.

This is an important means to combat the abuse of the platform by known criminals.

For example, when the system detects that an address associated with known hackers or illegal activities attempts to trade through OKX DEX, it will automatically block these operations.

Thus, Star also mentioned that upon discovering illegal fund inflows, OKX has frozen some related funds and is cooperating with the victim (Bybit) to track the hacker's address.

This post-event countermeasure indicates that the OKX platform has a certain level of emergency response capability and can limit the expansion of losses after an incident occurs.
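An added example of the monitoring problem described above (not OKX's system): a plain blacklist lookup passes a fresh address two hops from a flagged one, while proportional taint tracing over the transfer history still flags it. All addresses, amounts and the 50% threshold are constructed assumptions.

```python
from collections import defaultdict

BLACKLIST = {"0xSTOLEN"}   # constructed label for a flagged address
THRESHOLD = 0.5            # assumed policy: block at >= 50% tainted inflow
SEED = {"0xSTOLEN": 1000.0, "0xuser": 9000.0}   # constructed opening balances

# Constructed, time-ordered transfers: (sender, receiver, amount)
TRANSFERS = [
    ("0xSTOLEN", "0xfresh1", 600.0),
    ("0xSTOLEN", "0xfresh2", 400.0),
    ("0xfresh1", "0xhop_a", 300.0),
    ("0xfresh1", "0xhop_b", 300.0),
    ("0xuser", "0xpool", 9000.0),    # unrelated legitimate volume
    ("0xfresh2", "0xpool", 400.0),
    ("0xhop_a", "0xout", 300.0),
    ("0xhop_b", "0xout", 300.0),
    ("0xpool", "0xuser2", 100.0),
]


def exposure(transfers, blacklist, seed):
    """Share of each address's total inflow that traces back to the blacklist."""
    bal, taint = defaultdict(float), defaultdict(float)
    received, tainted_in = defaultdict(float), defaultdict(float)
    for addr, amt in seed.items():
        bal[addr] = amt
        taint[addr] = amt if addr in blacklist else 0.0
    for src, dst, amt in transfers:
        if amt <= 0:
            continue
        if bal[src] < amt:           # funds from before our window count as clean
            bal[src] = amt
        moved = amt * taint[src] / bal[src]   # proportional ("haircut") taint
        bal[src] -= amt
        taint[src] -= moved
        bal[dst] += amt
        taint[dst] += moved
        received[dst] += amt
        tainted_in[dst] += moved
    return {a: tainted_in[a] / received[a] for a in received}


def screen(addr, scores, blacklist=BLACKLIST, threshold=THRESHOLD):
    """Block listed addresses and addresses funded mostly by listed ones."""
    if addr in blacklist:
        return "block"
    return "block" if scores.get(addr, 0.0) >= threshold else "allow"


SCORES = exposure(TRANSFERS, BLACKLIST, SEED)
```

Here `0xout` is absent from the blacklist but scores 1.0 and is blocked, while `0xuser2`, paid from a pool that is about 4% tainted, is allowed. That low score is the "noise" effect of large legitimate volume that the article describes, and it is the limit of threshold-based screening.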

Now, with the direct suspension of OKX DEX services, OKX officials stated it was to "launch new security features," one reason being to "address the issue of incomplete markings on blockchain explorers."

Although specific details have not been disclosed, it is speculated that it will include more powerful on-chain analysis tools, improving cooperation with on-chain data providers to ensure transaction records are clearer and more transparent, facilitating the tracking of fund flows.

By optimizing transaction markings, OKX can assist regulatory agencies or security teams in more effectively identifying suspicious activities.

4. What is the future direction of OKX DEX?

First, I am not worried that OKX DEX will be shut down for the long term; it should resume normal services soon.

OKX has the technical strength and a strong willingness to address compliance issues.

It is important to note that OKX has a deep technical foundation in Web3; most of the Web3 wallets seen in the market actually use OKX's underlying services: OKX OS (OKX Operating System).

OKX aims to be the "on-chain Google," becoming the infrastructure for the entire Web3 industry, and will integrate and balance compliance measures, technical services, and user experience.

Star recognized this early on and stated directly at the 2049 event in 2024:

Wallets are primarily a compliance issue; in the future, there will be an easy-to-use, Web2-like self-custody wallet that also meets regulatory requirements, such as using ZK-KYC technology, where users' KYC will not be leaked while still verifying users' KYC.

That day is approaching; the OKX wallet may undergo many adjustments in product form. Here are a few expectations:

(1) The OKX wallet will be separated from the OKX exchange, becoming an independent application, and the operating entity will also be completely isolated;

(2) The OKX wallet will require KYC, which can be directly linked to the KYC of the OKX exchange, and may also implement ZK-KYC technology;

(3) The OKX wallet will further introduce on-chain native DeFi functions, such as staking, lending, liquidity mining, and other decentralized services.

We can look forward to the new form of the OKX wallet in the future.

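Disclaimer: This article represents only the author's personal views and does not represent the position or views of this platform. This article is for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If an article or image published on this page involves infringement, please send the relevant proof of rights and proof of identity by email to support@aicoin.com, and the platform's staff will verify it.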
