European regulators are investigating OKX over allegations that its Web3 platform was used to launder $100 million linked to the $1.5 billion Bybit hack, according to a Bloomberg report on Tuesday.
On March 6, financial watchdogs from all 27 EU member states met under the European Securities and Markets Authority (ESMA) to discuss whether OKX’s Web3 service falls under the Markets in Crypto-Assets (MiCA) framework. If regulators determine that it does, OKX could face severe penalties under European law.
Officials say hackers connected to North Korea’s Lazarus Group funneled stolen funds through OKX’s self-custodial wallet and decentralized trading service, per the report.
Just last month, the company had to plead guilty to operating without a US license, processing over $1 trillion in unauthorized transactions, and agreed to pay $504 million in penalties.
The Bybit hack was the single largest in crypto history. The attackers mainly took Ether and moved the funds using cross-chain bridges and decentralized exchanges.
Authorities now say a portion of the stolen crypto—about $100 million—was washed through OKX’s Web3 service, which lets users swap tokens and interact with multiple blockchains.
OKX operates a major crypto exchange that supports over 300 cryptocurrencies, but its Web3 platform is separate and allows users to connect to 100 different blockchains via a self-custodial wallet. As of July 2023, OKX reported that 53 million wallets had been created on the platform.
While fully decentralized platforms are exempt from MiCA, regulators from Austria and Croatia argue that OKX’s Web3 service should be covered under EU law.
During the March 6 meeting, regulators reviewed a presentation that pointed out how OKX’s Web3 wallet is directly integrated into the company’s website.
The presentation also shared that OKX’s terms of use list an entity in Singapore as its main operator, though OKX has denied any link between its Web3 wallet and OKX SG Pte, the company’s Singapore-based entity, which is registered under Singapore’s central bank.
The meeting also raised concerns over whether OKX’s role in the Bybit hack constitutes a violation of sanctions on North Korea. But regulators have yet to decide whether formal legal action will be taken on that front, according to Bloomberg.
In response to the allegations, OKX released a statement saying, “Claims of OKX’s involvement in laundering any funds are inaccurate and preposterous, we’ve been assisting Bybit on tracking wallet addresses and blocking those necessary in real time.”
Several EU regulators are now calling for strict action against OKX. Officials have urged ESMA and the European Banking Authority (EBA) to investigate the exchange’s MiCA compliance.
A key focus is OKX’s MiCA license, which it secured through Malta’s financial regulator in January 2025. Just a month later, OKX obtained permission to “passport” its services across the European Economic Area (EEA).
During the March 6 meeting, watchdogs pressured Malta’s financial authority to consider penalties, including revoking OKX’s MiCA permit and blocking its ability to operate across the EEA.
Malta’s regulators confirmed they would meet with OKX’s senior management to discuss the Bybit hack, but did not say whether formal action would be taken. Both Malta’s financial watchdog and the EBA declined to comment on the investigation.
ESMA, though, issued a statement saying, “We stand ready to deploy all available regulatory tools, if necessary, to safeguard market integrity and investor protection.”
According to the report, under MiCA’s Article 64, regulators can revoke a license if an entity fails to prevent money laundering or violates compliance rules in other serious ways. The law also allows ESMA and the EBA to request a full investigation into whether an exchange is still meeting MiCA requirements.