European Regulators Allegedly Investigating OKX’s Decentralized Trading and Self-Custody Services
European regulators are reportedly investigating OKX’s decentralized trading and self-custody services, as these products have been allegedly used by the North Korean hacker group “Lazarus Group” to launder the $1.5 billion worth of funds stolen from Bybit in February.
According to sources cited by Bloomberg on Tuesday, “European cryptocurrency regulators” are said to have discussed OKX during a March 6 meeting of the European Securities and Markets Authority (ESMA). During the meeting, the regulators raised concerns about whether OKX’s non-permissioned tools violated the EU’s Markets in Crypto-Assets (MiCA) guidelines. Although rules that came into effect at the end of last year provided some exemptions for decentralized applications (DApps), some regulators argue that OKX’s Web3 services should fall under the MiCA regulations.
Earlier this month, Bybit CEO Ben Zhou claimed in an update on the stolen funds that at least $100 million worth of assets had been transferred via OKX’s Web3 platform.
OKX Denies Reported Allegations
OKX has denied reports through its official X account, stating that it is not under investigation by authorities and emphasized that its non-custodial Web3 products are “no different” from similar services offered by other industry platforms. According to reports, the exchange may face penalties, including the potential loss of its MiCA license obtained in February.
OKX CEO ### Xing subsequently added that the OKX Web3 wallet is a purely self-custodial software, “which is well known,” and in Bloomberg’s report, Bybit appeared to place the blame on OKX, implying that OKX assisted hackers in laundering the stolen funds. He stated, “This is incorrect and misleading,” and wrote, “I don’t understand why Bybit continues to make such absurd statements without demonstrating an understanding of the basic facts of self-custody technology.”
### Xing noted that OKX assisted in freezing Bybit’s hacked funds that were flowing into its centralized exchange and stated that the company had collaborated with law enforcement and Bybit’s legal team. ### Xing also mentioned that the incident response team had provided “technical support” to Bybit researchers and developed a tool to track the hacker’s most recent location in real-time. OKX also retained “technical control,” including blocking IPs from restricted countries.
Bybit CEO’s Response
After ### Xing raised these concerns, Bybit CEO Ben Zhou responded on social media, stating that there were some misunderstandings in the claims.
Ben clarified that Bybit had not provided any statement to Bloomberg, and he believed that the media’s reference to “according to Bybit” was based on information and data from its hacker bounty website. The hacker bounty site is continuously updated with the tracking of stolen funds, and the data displayed there is based on facts.
Ben pointed out that when the Bybit team discovered that some of the funds were flowing into OKX Web3 proxy tools, they contacted OKX for assistance in tracking the funds. The OKX team responded and provided proxy logic, allowing Bybit to continue tracking most of the funds’ movements.
Ben emphasized that Bybit only speaks based on facts and added that the hackers used multiple cross-chain bridge protocols to convert the stolen ETH into BTC, with Thor being one of the most used cross-chain protocols. “I hope this clears up the misunderstanding.”
Source