An ongoing EU crypto investigation into OKX for allegedly laundering $100 million from the Bybit hack in February 2025, has seen the European bloc threatening to remove OKX’s MiCA license.

The European regulators are reportedly probing OKX’s decentralized trading and self-custody offerings, which they claim were used by the Lazarus Group—a notorious hacking outfit allegedly sponsored by the North Korean regime—to launder some of the loot stolen from Bybit.

In February 2025, hackers struck Bybit, stealing over $1.4 billion from one of its cold wallets. Although the exchange continues to operate normally without halting withdrawals, the hack was a major blow to the industry, bringing scrutiny on exchanges that had managed to fend off hackers for months.

The Bybit Hack and Its Fallout for OKX in the EU

The alleged investigation, which could see OKX lose its license to operate in the EU, raises critical questions about regulatory oversight and compliance under the Markets in Crypto-Assets (MiCA) framework. At their last meeting on March 6, 2025, regulators reportedly discussed OKX, particularly its decentralized tools and whether they comply with MiCA guidelines.

MiCA, which came into force in late 2024, lays down guidelines for dApps, including all permissionless tools, mandating compliance with existing laws. During the meeting, some regulators argued that OKX’s tools must adhere to MiCA, subjecting them to stricter compliance.

Under MiCA, approved exchanges—including OKX, Crypto.com, Coinbase, and others—must protect their clients. They will be held accountable for any mismanagement of funds or fraud.

To curb money laundering, MiCA imposes strict laws requiring exchanges to verify their clients’ identities and report suspicious transactions. Additionally, exchanges must implement robust monitoring systems to prevent illegal activities or funds.

After the February hack, Bybit CEO Ben Zhou claimed that at least $100 million of stolen funds were moved through OKX’s Web3 platform. The Lazarus Group used multiple protocols to launder funds, and over 89% of the stolen ETH are currently being tracked.

Bybit Hack

OKX Defense and the Regulatory Threat

OKX has consequently stated that its tool is no different from other non-custodial crypto offerings. The CEO asserted that their crypto wallet is purely self-custodial and that measures have been implemented to block users from sanctioned countries.

Furthermore, as part of their collaboration with Bybit and other exchanges, OKX helped freeze funds from the hack, cooperating with investigators and Bybit’s legal team to recover stolen coins.

Despite these efforts, if OKX is found guilty, severe penalties may follow, forcing it to comply with MiCA’s stringent guidelines further. This could set a precarious precedent, allowing regulators to intervene in decentralized solutions where asset holders should maintain control.

If things escalate and OKX loses its license to operate in the EU, it could significantly impact crypto investors and deter other firms from entering the EU market, thereby limiting competition and innovation.