Recently, Bybit exchange encountered the largest crypto theft in the industry, with North Korean hackers stealing approximately $1.4 billion in cryptocurrencies from Bybit's cold wallet. According to information disclosed by Bybit CEO @benbybit on X, the North Korean hacker group converted most of the stolen ETH to BTC through THORChain, with about 16% of the funds transferred to ExCH, and 8% exchanged through OKX Web3 proxy contracts.
Subsequently, Bloomberg reported that EU crypto regulators are reviewing the case of hackers using OKX wallet services to exchange and mix stolen funds. OKX announced through an official statement that after consulting with regulatory authorities, they proactively decided to temporarily suspend their DEX aggregator service.
So why would OKX's decentralized self-custodial Web3 wallet voluntarily pause DEX aggregation services? What EU crypto asset regulations might wallet services potentially violate?
Whether OKX DEX Service Falls Under MiCA Regulatory Scope
The regulatory authority reviewing OKX is the European Securities and Markets Authority (ESMA), with the primary legal basis being the EU's Markets in Crypto Assets (MiCA) regulation bill, set to be fully implemented by the end of 2024.
Brief Overview of MiCA Legislation
The bill clearly defines the regulatory scope of crypto assets, categorizing them into asset-referenced tokens (ART), electronic money tokens (EMT), and other crypto asset tokens outside ART and EMT, providing detailed regulatory rules.
It sets specific regulatory requirements for different crypto asset service providers, including exchanges and institutions. Additionally, it covers preventing insider trading, user protection rules, and cross-national regulatory cooperation and penalties.
Legal Basis for OKX DEX Falling Under MiCA Regulatory Scope
1. OKX DEX Provides Crypto Asset Services Requiring Licensing Under MiCA Legislation
MiCA stipulates that providing cross-border crypto asset services within EU jurisdictions requires authorization as a licensed Crypto Asset Service Provider (CASP).
This definition includes exchanging crypto assets and executing crypto asset trading orders on behalf of clients.
While OKX DEX doesn't directly provide token exchange liquidity but rather aggregates liquidity, users wanting to exchange 1 BTC for an equivalent value of ETH in their OKX Web3 wallet would have the DEX calculate the optimal exchange route.
Although OKX DEX doesn't use its own funds to help clients exchange tokens, it may likely be deemed by regulators as executing crypto asset purchase or sale orders, thus requiring a MiCA CASP license when operating in EU jurisdictions.
2. OKX DEX Is Not a Fully Decentralized Protocol, Cannot Avoid MiCA Regulation
MiCA specifies that crypto asset services provided entirely through decentralized means without intermediaries fall outside the regulation's scope.
While OKX Web3 wallet is a self-custodial decentralized wallet, its service page is integrated with the OKX exchange. According to Bloomberg, OKX Web3 wallet's usage agreement explicitly states that OKX's Singapore entity is the operator.
Therefore, OKX Web3 wallet's DEX aggregation service can hardly be considered a fully decentralized protocol, making it unable to avoid MiCA regulatory oversight.
Why OKX DEX Suspended Services
Once OKX DEX is deemed within the regulatory scope of MiCA, the current aggregation proxy service of OKX Web3 wallet has been exploited by North Korean hackers for coin mixing and money laundering. According to Article 64, Point 7 of the MiCA Act, if a crypto asset service provider fails to establish an effective system to detect and prevent anti-money laundering and terrorist financing, the authorities will revoke its MiCA license.
OKX officially announced in January that it obtained a MiCA license with Malta as the host country. If OKX DEX violates anti-money laundering regulations, it may affect its newly approved MiCA license.
Additionally, the MiCA Act stipulates that before revoking the authorization of a crypto asset service provider, the authorities can consult with institutions responsible for supervising the provider's compliance with anti-money laundering and counter-terrorist financing rules.
Therefore, this morning, OKX CEO Star explained on X that the OKX Web3 wallet has launched features including blocking specific IPs and real-time black address detection and prevention systems to combat money laundering crimes. The purpose is to help anti-money laundering regulators understand that the OKX Web3 wallet has equipped necessary on-chain anti-money laundering detection and prevention systems for its crypto asset services, thereby avoiding or mitigating potential regulatory penalties.
Summary and Outlook
On-chain wallets serve as traffic entry points from the real world to Web3, embodying the crypto industry's aspiration for a decentralized world. Top decentralized exchanges are striving to develop on-chain businesses, with OKX leading in Web3 wallet product experience, but currently facing compliance issues.
Observant friends may notice that after undergoing regulatory compliance rectification, Binance's wallet functionality is now included within the centralized exchange, meaning if you want to use the Binance wallet, you must register a Binance account, unlike the OKX wallet which can be used directly without an OKX exchange account.
As global regions continue to improve crypto industry regulations, it is inevitable that where there are people, there will be regulations. Therefore, future on-chain wallet services must be equipped with corresponding on-chain anti-money laundering systems to detect, prevent, and combat on-chain crimes, thereby providing crypto asset services to users within the regulatory compliance framework.
