Greece’s First Crypto Asset Freeze: The Bybit Hack Saga
In a groundbreaking move, the Hellenic Anti-Money Laundering Authority in Greece has successfully executed the country’s first-ever freeze on cryptocurrency assets. This operation recovered funds tied on to the notorious $1.5 billion Bybit exchange heist, linked to North Korea’s infamous Lazarus Group.
Using Blockchain to Unravel Complex Laundering Schemes
With the assistance of the Chainalysis Reactor blockchain evaluation tools, Greek authorities were capable of trace the stolen funds through an intricate web of laundering schemes. The operation laid down undeniable on-chain evidence linking the seized assets to the cyber attack that occurred in February 2025.
In our latest blog, we take a look at how the Hellenic Anti-Money Laundering Authority, with help from Chainalysis, traced and froze a portion of the funds from the Bybit hack, marking the first-ever crypto seizure in Greece: https://t.co/SOXmT9xknN
— Chainalysis (@chainalysis) July 9, 2025
From Suspicion to Seizure: The Investigation Unfolds
The investigation kicked off when authorities noticed a suspicious cryptocurrency transaction months after the Bybit breach. Armed with advanced blockchain evaluation tools, Greek investigators were capable of visualize fund movements and connect a suspect wallet to the essential wallets involved within the exchange heist.
In a formidable international effort, nearly five months after the attack, 32.78% of the stolen $1.4 billion remained traceable, with a notable 62.04% having vanished and 5.18% successfully frozen.
Blockchain Analysis Enables International Law Enforcement Breakthrough
Greece’s success is owed to strategic foresight, because the Hellenic Authority invested in Chainalysis Reactor tools through regional partner Performance Technologies back in 2023. The evaluation uncovered that North Korean hackers swiftly laundered the stolen Ethereum through complex transaction webs designed to muddy the financial trail.
Chainalysis confirmed that the hackers initially breached the exchange via social engineering, executing phishing attacks against cold wallet signers to control multi-signature setups. Bybit CEO Zhou initially thought 30,000 ETH (about $82 million) was compromised, only to find the total extent of the breach involved 401,000 ETH ($1.4 billion).
The exchange quickly processed 350,000 withdrawal requests inside 10 hours, and 580,000 by the subsequent day, all to keep up customer confidence.
Security experts noted that the Lazarus Group moved assets swiftly through decentralized exchanges, mixers, and cross-chain bridges to evade detection.
BYBIT HACKER LAUNDERING FUNDS
The Bybit Hacker is making 2-3 transactions per minute, and stops every 45 minutes for a 15-minute break. They move ETH from one address at a time before moving onto the subsequent one.
Did Lazarus get an intern to scrub their funds manually? pic.twitter.com/XCS16hMC3i
— Arkham (@arkham) February 24, 2025
The cybercriminals managed to convert 86.29% of the stolen funds into 12,836 Bitcoin spread across 9,117 wallets, using tools like Wasabi, CryptoMixer, Railgun, and Tornado Cash to obscure transactions.
Global Crackdown Targets Crypto Laundering Infrastructure
While Greece made its move, Germany also took significant motion by seizing €34 million ($38 million) in crypto from the eXch platform on May 8, a part of ongoing investigations into the Bybit hack’s money laundering activities. This marked the third-largest crypto confiscation within the history of Germany’s Federal Criminal Police Office.
German authorities dismantled eXch after discovering it laundered over €1.75 billion ($1.9 billion) in crypto, much of which was suspected to be from criminal origins. The platform ignored repeated warnings and refused to dam malicious addresses, defying regulatory freeze orders.
Investigator ZachXBT highlighted that eXch handled funds from multiple high-profile incidents, including multisig wallet exploits and the $243 million Genesis creditor heist. The platform marketed itself as privacy-centric, offering cross-blockchain exchanges without identity checks.
Even after claiming an April shutdown, eXch continued operations via backend APIs, allowing criminal groups like Lazarus to maintain laundering money through signature mixing pools.
Efforts to get well funds have united 12 organizations, including Mantle, Paraswap, and blockchain investigators, who’ve earned $2.2 million USDT in bounties for his or her assistance. However, organized crime stays a looming threat to the crypto industry.
In recent months, Taiwan’s BitoPro lost $11.5 million through exposed wallets during system upgrades, and Brazil’s C&M Software attack led to $40 million in crypto laundering. Most notably, Iran’s largest crypto exchange, Nobitex, confirmed a $73 million security breach on June 19, leading to over $90 million being drained from its hot wallet infrastructure.
As of today, the decentralized exchange GMX is believed to have suffered a $42 million exploit, with assets reportedly drained from its vaults.
Bybit has launched a bounty program offering 10% rewards on recovered funds, amounting to as much as $140 million for successful asset retrieval.
The post Greece Makes First Crypto Seizure After $1.5 Billion Bybit Hack – Here’s What Happened appeared first on Cryptonews.
Image Credit: cryptorank.io
