European regulators are reportedly looking into crypto exchange OKX after it was alleged that hackers used the platform to launder money from a nearly $1.5 billion robbery at Bybit.
The cryptocurrency exchange OKX is currently the subject of an investigation by European regulators following claims that hackers employed its platform to clean approximately $1.46 billion that was stolen from Bybit, as reported by insiders familiar with the situation.
This inquiry is spearheaded by national regulators from the 27 EU member states and was a topic of discussion at a meeting of the Digital Finance Standing Committee of the European Securities and Markets Authority on March 6, according to the same sources.
The investigation is particularly focused on OKX’s Web3 service, a decentralized finance platform and self-custodial wallet. It is alleged that around $100 million was laundered through this service by hackers associated with North Korea. European regulators are now examining whether OKX’s Web3 platform is subject to the EU’s new Markets in Crypto-Assets regulations, which came into effect at the end of 2024.
Although OKX maintains that its Web3 platform is decentralized, regulators from Austria and Croatia contend that it should fall under MiCA due to its connection with OKX, the report indicates.
OKX faces the risk of losing MiCA authorization
In late February, hackers from North Korea targeted Bybit, one of the largest cryptocurrency platforms, stealing around $1.46 billion in a highly coordinated operation. It was reported that the attack was executed by compromising the computer of an employee at Safe, a technology provider for Bybit. Shortly after the breach, Bybit’s CEO Ben Zhou revealed that about 20% of the stolen assets had become untraceable due to the hackers utilizing mixing services.
The current status of the investigation remains uncertain, but it could result in regulatory measures, including the potential revocation of OKX’s MiCA authorization in Europe. According to MiCA’s Article 64, regulators have the authority to withdraw a license if an entity fails to implement effective anti-money laundering systems or breaches significant regulatory requirements.