German authorities seized $38 million in cryptocurrency linked to the Bybit hack, with eXch exchange used to launder the stolen funds.
Cryptocurrency exchange eXch has made headlines for allegedly being the platform through which hackers laundered the cryptocurrency stolen from Bybit. German authorities have seized €34 million ($38 million) worth of cryptocurrency from eXch in connection with the record-breaking $1.4 billion breach of Bybit.
The German Federal Criminal Police Office (BKA) and Frankfurt’s main prosecutor’s office confirmed the news on May 9, 2025. The stolen assets include Bitcoin BTC $107 209 24h volatility: 1.2% Market cap: $2.13 T Vol. 24h: $21.71 B , Ether ETH $2 487 24h volatility: 0.4% Market cap: $300.27 B Vol. 24h: $14.07 B , Litecoin LTC $86.47 24h volatility: 1.0% Market cap: $6.57 B Vol. 24h: $300.41 M , and Dash DASH $19.85 24h volatility: 2.3% Market cap: $244.52 M Vol. 24h: $17.68 M .
Crypto swapping platform eXch, which began operations in 2014, was used to facilitate the exchange of various cryptocurrency assets. Authorities have revealed that eXch operated on both the clearnet and darknet, making it accessible to a wide range of users.
The platform was seized by German authorities, and its servers were confiscated due to its involvement in laundering money for criminals. This was possible, authorities claim, because eXch failed to implement anti-money laundering measures.
Before the seizure of its servers, eXch announced that it would cease operations in Germany as of May 1, 2025. During its time in operation, the platform is said to have been involved in the transfer of crypto assets worth approximately $1.9 billion.
eXch is believed to have operated without requiring users to submit identity documentation or retain any user data, which made it easier for individuals to conceal financial transactions. This lack of regulatory oversight allowed the platform to be exploited by criminals.
The exchange was ultimately shut down after it was revealed that a portion of the funds stolen during the massive February 21 breach of the Bybit cryptocurrency platform had been laundered through eXch’s services.
Bybit hack
In February, the ByBit exchange fell victim to a cyberattack that targeted one of its cold wallets, resulting in the theft of $1.46 billion worth of Ether. The attackers, identified as the North Korean Lazarus Group, used a “masked” transaction technique in combination with a fraudulent Safe wallet interface to deceive ByBit’s security team into authorizing the malicious transactions.
In the aftermath of the breach, ByBit’s CEO, Ben Zhou, reassured the public that the exchange’s operations would continue as normal, stressing that only a single cold wallet had been compromised. Following the hack, Zhou revealed that the Lazarus Group had moved some of the stolen funds through mixers in an effort to obscure their origin.
4.21.25 Executive Summary on Hacked Funds:
Total hacked funds of USD 1.4bn around 500k ETH. 68.57% remain traceable, 27.59% have gone dark, 3.84% have been frozen. The untraceable funds primarily flowed into mixers then through bridges to P2P and OTC platforms.
Recently, we have…— Ben Zhou (@benbybit) April 21, 2025