EU Regulators Investigating OKX Over $100M Laundering Linked to Bybit Exploits

European Union regulators are investigating OKX, one of the world’s largest cryptocurrency exchanges, following allegations that its OKX Web3 platform was used to launder approximately $100 million in stolen cryptocurrency from a $1.5 billion hack of the Bybit trading platform. The scrutiny centers on whether OKX’s Web3 services, marketed as a decentralized finance platform and self-custodial wallet, fall under the EU’s Markets in Cryptoassets (MiCA) regulations, which took full effect at the end of 2024. National watchdogs from the EU’s 27 member states discussed the issue during a confidential meeting hosted by the European Securities and Markets Authority (ESMA) on March 6, 2025, focusing on OKX’s potential role in facilitating money laundering and its compliance with MiCA.

The investigation follows reports that Lazarus hackers, allegedly linked to North Korea, moved stolen funds—primarily Ether—through OKX’s Web3 platform, utilizing decentralized platforms and cross-chain bridges to obscure the trail. OKX has denied direct involvement in laundering, stating it took measures such as freezing related funds and blocking hacker addresses in real time to assist Bybit. The exchange also argues that its Web3 services, which aggregate access to various exchanges and blockchains, are comparable to those offered by other major crypto platforms and should not be subject to MiCA, as fully decentralized platforms are exempt.

However, regulators from countries like Austria and Croatia have argued that OKX’s Web3 platform is integrated into its centralized operations, with its user interface and terms of service clearly identifying an OKX Singapore entity as the operator, suggesting it falls within MiCA’s scope. The probe adds to OKX’s recent regulatory challenges. In February 2025, OKX pleaded guilty in the U.S. to operating an unlicensed money-transmitting business, agreeing to pay over $504 million in penalties for processing more than $1 trillion in transactions by U.S. customers without proper registration or anti-money laundering (AML) controls.

This history of non-compliance has heightened scrutiny in the EU, with Malta’s financial regulator, where OKX secured a MiCA pre-authorization in January 2025, now reviewing whether to revoke its permit. Regulators are also examining potential violations of sanctions against North Korea, given the alleged involvement of state-sponsored hackers. While the investigation highlights significant concerns about security and compliance in the crypto industry, it’s important to approach the narrative with skepticism.

The $100 million figure tied to OKX represents only a fraction of the $1.5 billion Bybit hack, and OKX’s claim of taking proactive measures—such as freezing funds and blocking addresses—suggests it may not have been complicit but rather a secondary platform exploited by hackers. The debate over whether OKX’s Web3 services fall under MiCA hinges on the blurry line between centralized and decentralized platforms, a regulatory gray area that has yet to be fully tested. Critics of the regulatory push might argue that such actions could stifle innovation in the decentralized finance (DeFi) space, where platforms often operate without traditional oversight by design.

Moreover, the focus on North Korean hackers aligns with a broader geopolitical narrative that may amplify the perceived severity of the incident. While North Korean cybercrime is a documented issue, attributing the hack to state actors without conclusive evidence risks sensationalizing the event for political or regulatory leverage. OKX’s past regulatory lapses, particularly in the U.S., provide context but do not necessarily prove intentional wrongdoing in this case.

Investors and users should remain cautious, recognizing that the outcome of this investigation could set a precedent for how DeFi platforms are regulated in the EU, potentially impacting the broader crypto ecosystem. However, the lack of public evidence and the confidential nature of the deliberations mean that conclusions about OKX’s culpability remain speculative at this stage.
