Emma Nelson 
European regulators are currently investigating OKX after hackers reportedly utilized the platform’s Web3 service to launder an estimated $100 million worth of stolen cryptocurrency following the ByBit hack. Authorities are carefully examining whether OKX’s Web3 platform falls under the newly implemented Markets in Cryptoassets (MiCA) regulations, as they determine whether the platform should be subject to penalties or sanctions. This scrutiny is part of a broader, ongoing debate among national financial watchdogs in the European Union regarding how to best oversee cryptocurrency exchanges under the EU’s new regulatory framework.
Bybit Hack
ByBit Hack: EU Deliberates Potential Sanctions on OKX for Crypto Laundering
According to a Bloomberg report, the hackers involved in the ByBit breach used OKX’s Web3 service to launder around $100 million in stolen cryptocurrency. The majority of the stolen assets, which were largely Ethereum (ETH), were moved across decentralized platforms and cross-chain bridges to obscure their origin. This incident is being viewed as one of the most advanced and sophisticated cyberattacks the cryptocurrency industry has faced to date.
In response to this breach, European regulators are discussing whether OKX’s Web3 platform should be classified under MiCA regulations, which govern cryptocurrency service providers. Some regulatory authorities believe that, due to its direct integration with OKX’s main platform, the Web3 service should fall under regulatory scrutiny. Others, however, argue that fully decentralized platforms like Web3 could be exempt from the MiCA rules, adding complexity to the decision-making process regarding potential penalties.
Crypto Regulation and Innovation: A Growing Debate
This investigation into OKX and the ByBit hack is also occurring in the larger context of ongoing discussions around cryptocurrency regulations within Europe and globally. Recently, Acting SEC Chair Mark Uyeda in the United States proposed reconsidering a rule that would have classified decentralized finance (DeFi) exchanges as regulated entities. The SEC’s decision to pause the rule was based on feedback from the industry, which expressed concerns over the compliance burden it would create for DeFi platforms. The debate on how to strike a balance between regulation and innovation continues to evolve, with many industry participants watching closely to see how these regulatory decisions unfold.
Regulators Examine MiCA Compliance and Potential Penalties for OKX
On March 6, regulators from the EU’s 27 member states met to review the case under the European Securities and Markets Authority (ESMA). Representatives from Austria and Croatia argued that OKX’s Web3 platform should fall under MiCA regulations, as it is directly connected to the main exchange. Under MiCA’s Article 64, the European regulators could revoke the platform’s license if it is found to be in violation of money laundering prevention rules or other financial regulations. Both ESMA and the European Banking Authority (EBA) are pushing for a full investigation into whether OKX has complied with the MiCA requirements.
Malta May Revoke OKX’s MiCA Permit Due to ByBit Hack
In addition to the investigation, OKX’s MiCA pre-authorization, granted in January through its European hub in Malta, is now under scrutiny. OKX had been granted permission to operate across the European Economic Area (EEA), but Malta’s financial regulator is now reviewing whether to withdraw that permission due to the breach. Malta’s representatives, during discussions with other EU regulators, have indicated plans to meet with OKX executives to discuss the situation and ensure compliance with MiCA. If the platform is found to be in violation of MiCA rules, the authorities may impose sanctions, including the potential revocation of OKX’s license to operate in the EU.
