OKX has suspended a crypto service used to launder funds from a $1.5 billion hack on Bybit after European regulators flagged the platform’s DEX aggregator, which allowed North Korean hackers to move at least $100 million in stolen assets. Authorities say the attack, which happened in February 2025, was carried out by North Korean cybercriminals.
The shutdown follows a March 6 meeting between European regulators, where watchdogs discussed how OKX’s Web3 platform was used to process stolen crypto.
Regulators question if OKX’s Web3 service breaks MiCA rules
OKX operates under Europe’s Markets in Cryptoassets (MiCA) regulations, which set strict rules for exchanges. During the March 6 meeting, watchdogs from all 27 EU member states discussed whether OKX’s Web3 service should fall under MiCA rules. The key issue is that fully decentralized platforms are usually exempt from these regulations, but OKX’s platform isn’t entirely decentralized.
At the center of the debate is OKX’s DEX aggregator, which was directly integrated into the company’s main platform. Regulators from Austria and Croatia argued that this connection puts OKX inside MiCA’s jurisdiction, meaning it could face penalties for allowing stolen funds to be laundered.
Hackers, who are believed to be linked to North Korea, quickly converted stolen Ether (ETH) and moved the funds across cross-chain bridges and decentralized exchanges (DEXs). This type of laundering, which bypasses Know Your Customer (KYC) rules, has become a growing issue in the industry.
See also
Senator Hagerty’s stablecoin bill clears Senate Banking Committee
OKX’s license under scrutiny as EU watchdogs weigh penalties
OKX has been expanding in Europe through MiCA licensing. In January, it secured pre-authorization through Malta, and by February, it had received approval to passport its services across the European Economic Area (EEA). Now, that approval is at risk.
A presentation given at the March 6 meeting pointed out that OKX’s Web3 platform lists an OKX Singapore entity as its main operator, which led to regulators wondering whether the platform was fully decentralized or if it fell within MiCA’s scope. And according to a report from Bloomberg, if regulators rule that OKX violated MiCA rules, it could lose its license to operate across Europe.
Some officials are pushing for the European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA) to take action against OKX. One option on the table is forcing Malta’s financial regulator to reassess OKX’s MiCA permit. Another possibility is withdrawing OKX’s EEA license, which would block the exchange from offering services across the EU.
“Claims of OKX’s involvement in laundering any funds are inaccurate and preposterous, we’ve been assisting Bybit on tracking wallet addresses and blocking those necessary in real time,” OKX said in a statement. “We follow local laws and work closely with regulators, and respond to inquiries as they come in.”
See also
South Korea plans to unlock institutional crypto investment and new guidelines in Q3
ESMA, EBA, and Malta regulators consider next steps
Under Article 64 of MiCA, regulators can revoke a company’s license if it fails to prevent money laundering or violates other major rules. ESMA and the EBA also have the power to order national regulators to conduct a review of whether a company still meets licensing requirements.
Regulators in Malta, where OKX’s MiCA approval was processed, are now in talks with the company’s senior management to discuss the Bybit hack. However, they haven’t committed to any formal action yet. ESMA issued a statement saying it “stands ready to deploy all available regulatory tools, if necessary, to safeguard market integrity and investor protection.”
The Malta Financial Services Authority (MFSA) and the EBA declined to comment.
The OKX investigation comes at a bad time for the exchange. Just last month, it pleaded guilty to processing over $1 trillion in unlicensed transactions for U.S. customers and was fined $504 million. Now, with EU regulators involved, the company faces yet another legal battle.
ESMA Chair Verena Ross said that European regulators are working together to ensure consistent supervision as MiCA rules take full effect. “We are focused on ensuring regulatory convergence across the EU,” Ross said last month.
Cryptopolitan Academy: Coming Soon – A New Way to Earn Passive Income with DeFi in 2025.
Learn More