EU Investigates OKX Over Alleged Role in Bybit Hack Money Laundering

Table of Contents

OKX is reportedly under investigation by European Union regulators following allegations that its Web3 platform, a decentralized finance (DeFi) service, was used to launder $100 million from the Bybit hack.

The breach is linked to North Korea’s Lazarus Group, which saw hackers steal $1.5 billion in digital assets—mostly Ether (ETH)—from Bybit on Feb. 21, 2025. The exchange’s alleged involvement has placed it in the spotlight of regulators.

The laundering claims came from reports that some of the stolen funds were laundered through OKX’s Web3 platform, taking advantage of its DeFi capabilities. This allegation has led the EU regulators to investigate the exchange on the $100M in Bybit funds that were laundered.

Also read: $280M Gone, $1.07B in Play: Inside the Bybit Hack Investigation

This has raised questions about the exchange’s compliance with the new EU regulations, given its leadership status within the crypto space and latest expansion efforts.

MiCA License at Risk as EU Probes OKX’s Web3 Services

The EU’s investigation questions if the firm’s Web3 platform falls under the Markets in Crypto-Assets (MiCA) regulation, a framework requiring crypto-asset service providers (CASPs) to meet anti-money laundering (AML) and know-your-customer (KYC) standards.

On March 6, 2025, the Digital Finance Standing Committee of regulators from all 27 member states debated the regulatory status of OKX following the Bybit hack scandal.

Also read: THORChain Developer Resigns Over Reversed North Korea Sanctions Vote

The exchange secured its MiCA license in January 2025 to operate across the EU, but a finding of non-compliance could lead to penalties or revocation, threatening its regional operations.

3.4.25 Executive Summary on Hacked Funds:
Total hacked funds of USD 1.4bn around 500k ETH, 77% are still traceable, 20% has gone dark, 3% have been frozen.
Breakdown:
– 83% (417,348 ETH, ~$1B) have been converted into BTC with 6,954 wallets (Average 1.71 btc each) . This and…
— Ben Zhou (@benbybit) March 4, 2025

Meanwhile, OKX claims Bybit made misleading statements about its latest hack. The probe is indicative of MiCA’s emphasis on market integrity, with regulators weighing how decentralized services like OKX’s Web3 fit into the framework.

Also read: CEX vs DEX: Understanding the Key Differences in Cryptocurrency Trading Platforms

OKX Denies Investigation, Points to Compliance Measures

OKX has rejected and denied claims of being under EU investigation, calling them inaccurate.

The Bloomberg article is misleading. Like all other major crypto exchanges, OKX provides a self-custody wallet service/swap feature that serves as an aggregator to create efficiency for the users. When Bybit got hacked, we reacted in two ways. (1) We froze associated funds moving… https://t.co/HUUmA8W2eq
— OKX (@okx) March 11, 2025

The exchange claims it froze stolen funds entering its centralized platform (CEX) and deployed features to block hacker addresses on its decentralized exchange (DEX) and wallet services

The platform has also stated its cooperation with Bybit post-hack and its commitment to regulatory compliance, citing its MiCA license as evidence.

Author

Toheeb Kolade

Toheeb is an insightful blockchain reporter with deep knowledge of cryptocurrencies. With years of experience in financial journalism, Toheeb covers the latest developments in blockchain technology, cryptocurrency trends, decentralized finance (DeFi), and regulatory updates. Known for breaking news and in-depth analysis, Toheeb brings new angles on how blockchain is transforming industries and changing the global economy. From uncovering market movements to providing expert commentary on new technologies, Toheeb is dedicated to keeping readers informed about the developments in blockchain-related topics.

View all posts