Risk Intelligence Roundup for February 2025

Welcome to our Risk Intelligence Roundup newsletter, where we focus on delivering curated compliance insights and solutions to empower your risk management strategy.

In February 2025, we saw major swings in international markets, data breaches, fines, and regulatory changes that could shape the future of cryptocurrency and cybersecurity. Here is a closer look at the biggest news this month:

Regulatory News

1?? Mandatory Deposit Limits to Be Introduced to the UK Gambling Industry

The UK gambling industry has undergone several major changes over the last couple of years, and restrictions continue to tighten as the UK Gambling Commission aims to tackle the country’s problem gamblers.

From October 31, 2025, it will require all players to set deposit limits upon joining a UK-licensed gambling site, while also pushing for more transparency on how customer funds are protected and implementing a levy on operators.

The new statutory levy will require operators to contribute between 0.1% and 1.1% of their gross yield. However, the regulators have removed the requirement for operators to make financial contributions to organisations that support problem gambling.

Furthermore, if an operator provides no protection for player funds following insolvency, they must warn their players about this and remind them every six months.

2?? Cryptocurrency Exchange OKX Agrees to Pay $505 Million in Fines

This month, the crypto exchange OKX pleaded guilty to violating anti-money laundering laws in the US and has been ordered to pay $505 million in forfeitures and fines.

Prosecutors argued that the platform facilitated over $5 billion in suspicious transactions between 2018 and 2024 while allowing customers from the US to process transactions worth over $1 trillion.

This is despite the fact that the company’s official policy was to ban US customers and prevent them from trading on the platform.

Cybersecurity News

1?? Communications of Ransomware Group Leaked Online

On February 21, ArsTechnica reported that over 200,000 messages from Black Basta, a major ransomware group, were leaked online.

The messages were sent through the Matrix chat platform between September 2023-2024. The whistle-blower’s identity is currently unknown, but they claimed that the leak was in retaliation for the group targeting Russian banks.

The group is thought to be behind many major attacks on global financial and health-care infrastructure, including notable attacks on Ascension, a health-care system, Southern Water, a UK utilities provider, and Hyundai Europe, the European division of the Hyundai Motor Company.

Hudson Rock, a security firm, uploaded the transcripts to ChatGPT to create a public resource that can help researchers analyse the texts and understand the group’s operations.

2?? Apple Removes its Data Protection Tool in the UK

Apple’s data protection tool, known as Advanced Data Protection (ADP), is being pulled from the UK market after the government requested access to the data.

The tool was used to encrypt data stored on iCloud servers and provided a high level of security that meant Apple or any other third-party could not access the data.

The UK government seemingly took issue with this encryption service and demanded access to the data earlier this month. However, the nature of Apple’s encryption means there is no back door and no third-party access, so it is a request that Apple was unwilling and perhaps unable to grant, leading to the service being removed for UK users.

Talk to our Risk Intelligence experts ???? BOOK A MEETING

Cryptocurrency News

1?? $1.5 Billion Stolen in the “Biggest Ever” Crypto Theft

On February 21, hackers stole $1.5 billion in digital assets from cryptocurrency exchange Bybit, which experts have dubbed the “biggest-ever” cryptocurrency theft.

It eclipses the $600+ million stolen from Poly Network in 2021 and the $615 million stolen from the Ronin Network in 2022.?

Bybit, a Dubai-based exchange, said that hackers stole from its Ethereum wallet by exploiting security features and transferring the money to an unidentified address.?

As expected, the markets reacted, and the price of Ethereum dropped by 4%, leaving it at just over $2,600 per coin. It then dropped further to around $2,400 per coin, a drop of over 12% in the 5 days following the attack.

Ben Zhou, the founder of Bybit, responded quickly, noting that clients' assets were safe before replacing the money that was stolen.

Investigations are still ongoing, but it has been alleged that Lazarus, a group backed by the North Korean government, is behind the hack.

2?? The SEC Drops Cases Against Coinbase and Robinhood

On February 21, the Securities and Exchange Commission (SEC) dropped charges against Coinbase in what has been described as a “massive win” for the industry.

Initially filed in 2023, the case argued that the cryptocurrency exchange sold digital currencies that amounted to “unregistered securities”.

Several days later, the SEC also dropped a case against the crypto arm of Robinhood, stating that it had no intention of pursuing prosecution.

Robinhood had been warned in 2024 that it could be charged with violating a securities law, despite the company arguing that it had attempted to work with the agency and always respected federal laws.

The fact that the SEC has dropped two major cases against crypto platforms has been taken as a huge positive for the crypto industry. At the same time, however, the industry lost $110 billion in one of its worst days in months, seemingly driven by the news that President Trump was going to reinstate tariffs on Mexico and Canada, an act that sent ripples of uncertainty through global markets.?

Sanctions News

February 24

The EU announced its 16th package of sanctions against Russia. Designed to increase the pressure on Russia as the war enters its fourth year, the sanctions will target the country’s transport, trade, energy, and financial service sectors. The package includes many companies believed to be involved in circumventing existing sanctions while also adding 74 vessels to the list.

The UK announced its largest package of sanctions against Russia since 2022. There are 107 new sanctions on the list, including companies charged with producing or supplying goods for the Russian military, as well as OJSC Keremet Bank, based in Kyrgyzstan, and North Korean generals and politicians complicit in sending thousands of North Korean soldiers to Russia.

The US imposed further sanctions against the Iranian oil trade, targeting oil tankers and individuals based in India, the UAE, and China, among other jurisdictions.

Easily identify sanctioned entities, both local and international with our ???? SANCTIONS LISTS