European Union regulators have launched an investigation into cryptocurrency exchange OKX for allegedly enabling the laundering of $100 million stolen during the February 2025 Bybit hack, threatening to revoke the company's recently acquired operating license. The probe specifically targets OKX's decentralized trading and self-custody offerings that reportedly provided channels for hackers to move stolen funds.
The investigation centers on claims that the Lazarus Group, a hacking organization allegedly sponsored by North Korea, utilized OKX's platforms to launder portions of the $1.4 billion cryptocurrency theft. This development marks an escalation in regulatory scrutiny over cryptocurrency exchanges operating under the EU's Markets in Crypto-Assets (MiCA) framework, which took effect in late 2024.
According to sources familiar with the proceedings, European regulators convened on March 6 to discuss whether OKX's decentralized tools comply with MiCA guidelines. Several regulators argued that these tools should fall under regulatory jurisdiction and face stricter compliance requirements. The meeting specifically examined how decentralized applications should adhere to existing laws under the MiCA framework.
"At least $100 million of stolen funds were moved through OKX's Web3 platform," Bybit CEO Ben Zhou stated following the February hack. Investigators report that the Lazarus Group employed multiple protocols in its laundering operation, with authorities currently tracking over 89% of the stolen Ethereum.
The February 2025 Bybit attack, which saw hackers compromise one of the exchange's cold wallets, ranks among the largest cryptocurrency thefts in recent years. Though Bybit has maintained normal operations without suspending withdrawals, the incident has renewed industry-wide concerns about exchange security.
MiCA regulations require approved exchanges — including OKX, Crypto.com, and Coinbase — to implement robust protections for clients, even those investing in high-risk cryptocurrencies. These requirements include stringent identity verification processes, suspicious transaction reporting, and monitoring systems designed to prevent illicit fund transfers. Exchanges found in violation face potential penalties and license revocation.
OKX has defended its platform, claiming its tools are comparable to other non-custodial cryptocurrency offerings in the market. "Our crypto wallet is purely self-custodial," an OKX spokesperson stated, adding that the company has implemented measures to block users from sanctioned countries and has actively cooperated with investigators to freeze and recover stolen funds.
Despite these assertions, a guilty finding could force OKX to implement additional compliance measures and potentially set a precedent for increased regulatory involvement in decentralized finance. Industry analysts suggest such a ruling might blur the lines between centralized exchanges and self-custody solutions where users traditionally maintain control of their assets.
The potential license revocation, coming mere months after OKX received authorization to operate within the European Union, could significantly impact cryptocurrency investors throughout the region. Market observers note that such regulatory action might deter other cryptocurrency firms from pursuing European expansion, potentially limiting competition and innovation in Europe's digital asset marketplace.
This case represents a critical test of the EU's regulatory approach to cryptocurrency and could define how authorities balance security concerns with the inherently decentralized nature of blockchain technology. The outcome will likely influence how exchanges structure their offerings to comply with MiCA requirements while attempting to preserve the permissionless characteristics valued by many cryptocurrency users.