Quick Summary
- German police confiscated €34 million ($38M) in crypto from platform eXch
eXch allegedly helped launder part of the $1.4 billion stolen in the Bybit hack - Over 8TB of data was seized, shutting down the platform’s German operations
- Linked to North Korea’s Lazarus Group, known for global cybercrimes
- Platform tied to laundering $300K linked to CSAM and other high-profile thefts
- Operated with no KYC/AML checks, enabling anonymous token swaps
- Despite shutdown claims, its backend API remained active post-deadline
Germany Cracks Down on eXch’s Crypto Crime Network
In a sweeping move against crypto crime, German authorities have seized $38 million in cryptocurrency from eXch, a crypto-swapping service allegedly involved in laundering funds from the $1.46 billion Bybit hack. The raid, announced on May 9, marks the third-largest crypto seizure in Germany’s history.
The Federal Criminal Police Office (BKA) and Frankfurt’s public prosecutor collaborated on the operation, which included the confiscation of more than 8 terabytes of data from eXch’s servers—effectively halting its operations within Germany.
How eXch Became a Money Laundering Hub
Founded in 2014, eXch positioned itself as a no-frills crypto-swapping platform, boasting cross-chain functionality with no identity verification. But this lack of compliance with anti-money laundering (AML) standards soon attracted the wrong crowd.
According to the BKA, eXch processed approximately $1.9 billion in crypto, with a significant portion linked to illicit activities—including phishing attacks, exchange hacks, and the laundering of stolen assets. Authorities confirmed that the Lazarus Group, a notorious North Korean hacking syndicate, laundered over 5,000 ETH through the platform following the Bybit breach on February 21, 2025.
Ignoring Warnings, Fueling Crimes
Noted blockchain analyst ZachXBT highlighted eXch’s involvement in various high-profile cybercrimes, including the $243M Genesis creditor theft, multisig wallet exploits, and FixedFloat hacks. Despite repeated warnings and freeze orders, the platform continued operations, making no effort to block illicit flows.
Even after eXch publicly announced it would shut down by May 1, blockchain forensics firm TRM Labs discovered its backend API remained live well into mid-April—allowing ongoing laundering activity.
Worse still, TRM’s data also connected eXch to laundering over $300,000 tied to child sexual abuse material (CSAM)—a shocking revelation that has amplified global scrutiny.
What This Means for Crypto Regulation
This takedown signals growing international resolve to target non-compliant crypto services. With cross-border collaboration, authorities are cracking down on platforms that facilitate anonymity over accountability. eXch’s fall is a wake-up call to the industry: compliance is no longer optional.