EU Regulators Probe OKX's Web3 Role in Bybit Crypto Laundering Case

European regulators are intensifying their scrutiny of OKX in connection with allegations of money laundering linked to a significant cyber heist involving Bybit. This scrutiny was a central topic during a recent meeting of national regulatory authorities within the European Union, convened on March 6 under the auspices of the European Securities and Markets Authority’s (ESMA) Digital Finance Standing Committee.

The investigation primarily focuses on OKX’s Web3 service, a decentralized finance (DeFi) platform that serves as a self-custodial wallet, enabling access to various blockchains and exchanges. Reports indicate that approximately $100 million in stolen cryptocurrency, allegedly associated with North Korean hackers, was laundered through this service. The implications of such activities have prompted a closer examination of whether OKX’s operations fall within the regulatory scope of the EU’s recently enacted Markets in Cryptoassets (MiCA) regulation. This regulation aims to enhance oversight of digital asset providers and enforce compliance with financial security standards.

Discussions among regulators—particularly those from Austria and Croatia—centred around whether OKX’s Web3 service should be subjected to MiCA regulations, despite fully decentralized platforms generally being exempt since the rules took effect in late 2024. A significant point of contention was the integration of the Web3 service into OKX’s main website and its links to an entity based in Singapore; such connections may imply a level of centralized control inconsistent with a purely decentralized platform.

Alongside concerns about potential breaches of sanctions against North Korea, especially in light of the laundering activities tied to the Bybit cyber incident, the regulatory discussions could lead to further regulatory intervention and penalties for affected entities. These developments raise the prospect of consequential adjustments to how EU financial laws apply to similar digital asset platforms.

In response to these allegations, OKX has vehemently denied any wrongdoing, branding a Bloomberg report on the matter as misleading. The exchange clarified that its Web3 wallet and token swap functionalities are akin to those provided by other major cryptocurrency platforms and serve to enhance user experience, rather than to facilitate illicit activities.

Acknowledging the gravity of the Bybit breach, OKX stated that it promptly froze any related funds on its centralized exchange and rolled out a tool designed to prevent hacker-associated addresses from interacting with its decentralized exchange or wallet services. The exchange expressed disappointment in Bybit’s comments, suggesting they contributed to a narrative that misrepresented OKX’s involvement in ongoing investigations.

Moreover, OKX asserts that the current regulatory focus is more reflective of wider industry-wide discussions regarding decentralized finance rather than any particular issues with its own operations. It contends that the core of the problem resides with Bybit’s security practices rather than any lapses on its part, responding robustly to accusations that mischaracterize its role in the incident’s aftermath.

Laura Bennett

Laura Bennett is a digital marketing strategist and writer with a keen eye for online trends and audience engagement. With over seven years of experience, she specializes in data-driven content and digital growth strategies. Based in Virginia Beach, VA, Laura covers the latest in marketing, business, and online branding.