Malta Regulator Fines OKX $1.2 Million for Violations of AML Requirements

• FIAU has fined OKX's European unit for non-compliance with AML regulations in 2023.
• The exchange has significantly improved regulation over the past 18 months, but violations are found to be systematic.
• Risks related to mixers, confidential coins and activities outside the EU are among the shortcomings.

Malta's Financial Intelligence Unit (FIAU) has fined Okcoin Europe - the European arm of exchange OKX - $1.2 million. The order was issued due to the platform's violations of anti-money laundering (AML) regulations in 2023. 

Representatives of the regulator noted that despite significant progress over the past 18 months, past violations cannot be ignored.

OKX became one of the first exchanges to receive a MiCA license in the EU through its Maltese office in January 2025. However, during its inspection, the FIAU identified weaknesses in its risk assessment (BRA) system that prevented the exchange from "adequately assessing money laundering threats" and taking appropriate action.

Among the risks identified were the use of cryptocurrency mixers, anonymous coins, stablecoins and transactions on decentralized exchanges. Additionally, violations related to customer service outside the EU were noted, despite the stated regional strategy.

The regulator pointed out that OKX had to take into account potential threats from foreign users and funding sources. At the time of publication of the material, the exchange did not comment on the issue of recognizing violations, but assured that it continues to strengthen its compliance system.

OKX has suspended its DEX aggregator due to the Bybit hack

Cryptocurrency exchange OKX suspended its decentralized exchange (DEX) aggregator after consulting with regulators.

The company said in a statement that the team recently discovered "coordinated efforts by the Lazarus Group to abuse scarce services." OKX has also noticed an increase in attacks aimed at disrupting the exchange, the statement said.

In addition, the company added that it has already deployed a hacker address detection solution:

• A system to detect hacker addresses in the Web3 aggregator DEX;
• a system for tracking the latest addresses of attackers and blocking them in the CEX system in real time.

The Block noted that the exchange's decision was a response to a report by Bloomberg that noted OKX was in the EU's crosshairs because of its role in the Bybit hack. The report stated that OKX's service was used to launder some of the funds stolen in the Bybit hack.

OKX caught in EU crosshairs over its role in Bybit hack

Crypto exchange OKX has come under the crosshairs of European regulators because its service was used to launder some of the funds stolen in the hack of the Bybit platform. This is reported by Bloomberg. 

According to the publication, the issue of possible sanctions against OKX was raised during a meeting organized by the Standing Committee on Digital Finance of the European Securities and Markets Authority, which was held on March 6, 2025. 

The occasion was the OKX Web3 service, a decentralized multichain wallet with token swap capability. The hackers behind the Bybit exchange hack allegedly used it to launder about $100 million of the funds stolen in the attack. 

This was announced by Bybit CEO Ben Zhou on March 4. Of this amount, about $65 million cannot be traced, added the head of the company. 

According to Bloomberg, the topic of discussion was whether MiCA regulations apply to OKX Web3. If so, what sanctions could be imposed on the exchange for its alleged role in the incident. 

On January 27, 2025, OKX announced that it had received a full license to operate in the EU. Services will be provided through the exchange's Malta unit. 

Citing sources present at the meeting, Bloomberg said that representatives of two countries - Austria and Croatia - advocated extending MiCA regulations to some decentralized platforms, including OKX's service.

OKX commented on the situation. The company called the Bloomberg article misleading, noting that there is no investigation against the exchange;

The official statement said OKX reacted as quickly as possible to the Bybit hack. The exchange has frozen funds flowing into the main platform and has also developed a new feature to detect and block accounts of hackers using its decentralized platform. 

Thailand's SEC files suit against OKX for unlicensed activities

Thailand's Securities and Exchange Commission (SEC) filed a lawsuit against cryptocurrency exchange OKX and its operator Aux Cayes FinTech Co Ltd. The platform is accused of providing services without a license, which violates the 2018 Digital Assets Emergency Ordinance.

The SEC said OKX began operating in Thailand in October 2021, charging a 0.1 percent commission on transactions despite lacking authorization. Authorities also identified nine people promoting the exchange on social media platforms including Facebook, X (formerly Twitter), Telegram and YouTube. They face charges of promoting unlicensed activity.

According to the Commission, the actions violate Section 26 of the Emergency Decree, which carries fines and criminal penalties. If the court finds OKX and its partners guilty, they face two to five years in prison, as well as fines of up to 500,000 baht (about $14,700) and a daily fine of 10,000 baht ($295) for delinquency.

Thailand's SEC has reminded investors of the risks of working with unlicensed platforms. Users of such exchanges are not protected by law and may face fraud or money laundering. Licensed companies such as Binance and Upbit are listed on the regulator's official website.

Thai authorities continue their fight against unlicensed crypto exchanges. They announced the blocking of such platforms in 2024, handing over their list to the Ministry of Digital Economy. Similar measures were taken against Bybit in 2023.