(Bloomberg) -- European crypto regulators are scrutinizing the use of a service offered by OKX, one of the largest digital-asset exchanges, by hackers to launder proceeds from a $1.5 billion heist on trading platform Bybit, people with knowledge of the matter said.
Most Read from Bloomberg
-
NJ College to Merge With State School After Financial Stress
-
NYC Congestion Pricing Toll Gains Support Among City Residents
-
Inside the ‘Not Architecture’ of High Line Designers Diller Scofidio + Renfro
National watchdogs from the European Union’s 27 member states discussed the issue at a meeting hosted by the European Securities and Markets Authority’s Digital Finance Standing Committee on March 6, the people said, asking not to be named because the deliberations are confidential. OKX is subject to the EU’s new Markets in Cryptoassets, or MiCA, regulations.
Regulators are zeroing in on OKX’s Web3 service, which the company markets as a decentralized-finance platform and self-custodial wallet that gives crypto traders access to various exchanges and blockchains, two of the people said. The hackers, which authorities have linked to North Korea, laundered about $100 million of crypto they stole through the Web3 platform, according to Bybit.
At issue for regulators is whether the Web3 platform is encompassed by MiCA, and if so, what potential penalties to impose on OKX, the people said.
The Bybit exploit was the biggest and most sophisticated to hit the crypto industry so far, and highlighted key vulnerabilities in the ecosystem as North Korean hackers increasingly target exchanges. The hackers quickly moved to launder the tokens they stole — mainly Ether — through decentralized platforms and so-called cross-chain bridges.
OKX, founded in 2017 and based in the Seychelles, offers trading in over 300 cryptocurrencies including Bitcoin and Ether over its centralized exchange. In July, the company said 53 million individual wallets had been created on its separate Web3 service, adding that the platform covered 100 different blockchains.
While fully decentralized platforms are exempt from MiCA rules that took full effect at the end of 2024, regulators from countries including Austria and Croatia said at the meeting that OKX’s Web3 service should be encompassed by the bloc’s rules, according to the people.
License “Passporting”
A presentation given at the gathering by one national regulator said the user interface for swapping tokens and connecting a Web3 wallet is directly integrated into OKX’s website, and highlighted that the platform’s terms of use clearly identifies an OKX Singapore entity as its main operator, one of the people said. The Web3 wallet service isn’t related to OKX SG Pte, the entity that’s regulated by Singapore’s central bank, the company said.