In a historic development for financial enforcement in Greece, the Hellenic Anti-Money Laundering Authority has executed the nation’s first-ever cryptocurrency seizure. 

The move comes as part of an extensive international investigation into the February 2025 Bybit exchange hack.

In our latest blog, we look at how the Hellenic Anti-Money Laundering Authority, with help from Chainalysis, traced and froze a portion of the funds from the Bybit hack, marking the first-ever crypto seizure in Greece: https://t.co/SOXmT9xknN

— Chainalysis (@chainalysis) July 9, 2025

The hack saw $1.5 billion in crypto assets get stolen, an attack attributed to North Korea’s state-sponsored Lazarus Group. 

Utilizing blockchain analysis software Chainalysis Reactor, Greek authorities successfully traced and froze digital assets directly linked to the heist. 

The recent development marks a significant milestone not only for Greece but also for global efforts to counter crypto-enabled cybercrime.

Blockchain Forensics Uncover Complex Laundering Trail

Greek investigators began their inquiry after flagging a suspicious crypto transaction several months post-breach. 

With new forensic blockchain capabilities obtained in 2023 via regional tech partner Performance Technologies, authorities were able to map fund movements across wallets. 

Their analysis visually reconstructed the laundering process, ultimately linking the suspect wallet to addresses involved in the initial Bybit breach. 

Despite the complexity of the laundering tactics used, including multi-hop transfers and obfuscation via mixers.

Greek analysts were able to produce conclusive on-chain evidence tying seized assets to the hack. 

Of the total stolen funds, roughly 32.78% remain traceable, 62.04% are considered “dark,” and 5.18% have now been successfully frozen.

Also Read: FTX Recovery Trust Set to Distribute Over $5B to Creditors in Major Second Payout Scheduled for May 30

Lazarus Group Laundering Tactics and Phishing Strategy Exposed

Chainalysis confirmed that the Lazarus Group employed advanced laundering methods to obfuscate their trail. 

Stolen Ethereum was rapidly routed through decentralized exchanges, cross-chain bridges, and mixing services. 

The group’s initial point of compromise involved phishing attacks that targeted cold wallet signers, ultimately compromising Bybit’s multi-signature security system. 

Bybit CEO Ben Zhou recounted the shock of discovering the breach, initially estimating losses at 30,000 ETH before learning that the full extent of the theft reached 401,000 ETH (valued at $1.4 billion at the time). 

The exchange managed an emergency response that saw 350,000 withdrawal requests processed within 10 hours, a testament to its operational resilience during the crisis.

Also Read: Crypto Wallet Ledger Warns Of Scam Letters Claiming Security “Upgrade” And Urging Recovery Phrase Sharing

Strategic Investments and Global Coordination Pay Off

Greece’s preparedness for such a complex investigation stems from strategic foresight. By investing in Chainalysis Reactor in 2023, the Hellenic Authority positioned itself to handle high-level cybercrime operations. 

The collaboration with Performance Technologies gave Greek officials real-time visibility into cross-border transactions, enabling their first successful crypto seizure. 

The operation also underscores the growing importance of international coordination, as multiple law enforcement and blockchain intelligence agencies worked together to monitor fund flows and attempt recovery. 

The case sets a precedent for how smaller jurisdictions can effectively respond to global-scale cyber threats with the right tools and training.

Also Read: Chainflip Upgrades Protocol to Block Bybit Hacker Funds, Updates to Be Implemented in 24-72Hrs

Crypto Exploit Recoveries Gain Traction

The Bybit hack investigation is just one part of a broader global trend of asset recovery in crypto exploits. 

Another recent success came from Cetus, a decentralized platform that suffered a $162 million exploit. 

In response, over 90% of Sui Network validators voted to move frozen funds into a multi-signature trust wallet managed by Sui and OtterSec, ensuring controlled recovery for users. 

Cetus’s roadmap includes smart contract upgrades and platform relaunches. These developments suggest a shift in the crypto industry’s ability to respond to exploits, not just with preventive tools, but with proactive recovery frameworks. 

The Greek seizure, alongside efforts like Cetus’s, marks a turning point in crypto asset protection and legal enforcement.

Also Read: WhiteBIT Cryptocurrency Exchange Secures Over $150 Million in At-Risk Funds in 2024