OKX Claims Bybit Misled EU Regulators Over Hack

OKX pushed back against a recent article claiming that EU watchdogs were scrutinizing the exchange over its potential role in the Bybit hack. The firm received a MiCA license last month to meet EU compliance and claims that regulators are not investigating its services.

OKX’s comments took a surprisingly hostile tone towards Bybit, even though the firm proactively tried to cooperate in freezing stolen money. It did not directly refute the notion that Lazarus Group hackers used its decentralized services.

OKX Pushes Back Against Claims of EU Scrutiny

OKX, a leading crypto exchange, has been building its regulatory credibility as of late. Last month, OKX settled with the US Department of Justice to help normalize relations. It also recently secured a MiCA license to conduct business in the European Union.

Today, the exchange reacted to a recent Bloomberg article that claimed EU regulators were quietly scrutinizing it. In the article, Bloomberg referenced Bybit’s statement and described that EU regulators are ‘zeroing in’ on OKX’s Web3 services.

“The Bloomberg article is misleading. It is unfortunate Bybit’s statements are spreading misinformation among journalists. We want to clarify for our community that OKX is not being investigated. This is simply a case of Bybit’s lack of security know-how. Our web3 wallet services are no different than what is offered by other industry players,” OKX wrote on X (formerly Twitter).

A Bybit Misunderstanding?

On March 4, Bybit CEO Ben Zhou posted a breakdown of the Lazarus Group’s money laundering efforts, which were largely successful.

Also, Zhou claimed that 8% of the funds were laundered through a decentralized OXK wallet, and its President, Hong Fang, reached out to help. Zhou thanked her for this assistance.

However, this 8% of the stolen funds, which amounted to around $100 million, is at the center of the EU’s apparent scrutiny. Bloomberg reported that regulators are trying to determine whether OKX’s separate, decentralized Web3 service also falls under MiCA. If so, the EU may even claim that OKX violated sanctions against North Korea.

All that is to say, this report doesn’t cite any new claims from Bybit except the exchange between Zhou and Hong. This interaction had a very cordial tone at the time, but OKX’s official statement is much more caustic today.

The firm absolutely refutes these claims and reiterates that Bybit was hacked because of its own security vulnerabilities.

“We will continue to help Bybit to strengthen the industry. But we absolutely refute the false claims by Bybit that are leading to misinformation about our role in what began as a serious security vulnerability on their exchange,” OKX wrote.

These claims are particularly concerning and don’t necessarily align with OKX’s proactive response after the hack. When the hack first happened, crypto sleuth ZachXBT specifically appreciated the firm’s willingness to help freeze stolen assets.

If this cooperation attracted regulatory scrutiny, however, some frustration is understandable. So far, Bybit hasn’t commented on any of these proceedings.

It’s important to remember that Bloomberg didn’t state that a criminal investigation was taking place, only that a confidential group of watchdogs was closely discussing the issue. It didn’t specifically touch on the actual laundering allegations.