The $38 million in cryptocurrency seized from eXch, which was connected to the Bybit hack, marked the third-largest digital asset confiscation ever carried out by Germany’s federal criminal police.
A total of 34 million euros ($38 million) in cryptocurrency was confiscated by German law enforcement from eXch, a crypto platform allegedly utilized to launder proceeds from the record-setting $1.4 billion hack targeting Bybit.
The seizure was disclosed on May 9 by Germany’s Federal Criminal Police Office (BKA) in collaboration with the Frankfurt Public Prosecutor’s Office and included various cryptocurrencies, such as Bitcoin. This action has been recorded as the third-largest crypto confiscation in the history of the BKA.
It was further stated in the announcement that eXch’s server infrastructure located in Germany, containing more than eight terabytes of data, was also seized by authorities, and the platform was taken offline.
eXch Facilitated Crypto Swaps Without AML Compliance
In the statement, eXch was characterized by the BKA as a “swapping” service through which users were enabled to exchange multiple cryptocurrency assets without the application of Anti-Money Laundering (AML) protocols.
The platform, which had been in operation since 2014, was reported to have facilitated approximately $1.9 billion in cryptocurrency transactions, a portion of which was suspected to be of “criminal origin,” including assets that were allegedly laundered in connection with the Bybit hack.
According to the authorities, a portion of the $1.5 billion that was stolen during the February 21, 2025 hack of the Bybit crypto exchange is believed to have been laundered through eXch, among other illicit activities.
Laundering Cases Involved Multisig, FixedFloat Platforms
According to a post shared by crypto investigator ZachXBT, eXch was also implicated in the laundering of millions in illicit funds stemming from various crypto-related thefts and exploits, including those involving Multisig, FixedFloat, and the $243 million stolen in the Genesis creditor breach.
ZachXBT stated that, in addition to those incidents, eXch had also been linked to “numerous phishing drainer services over recent years,” while reportedly refusing to block flagged wallet addresses or comply with freeze orders.
ZachXBT was identified as one of the earliest security analysts to report on eXch’s involvement in laundering approximately $35 million in crypto assets, which had been stolen from Bybit shortly after the hack was officially confirmed.
In a Telegram post dated February 22, it was stated by ZachXBT that 5,000 ETH from the Bybit hack had been transferred by the Lazarus Group to a new wallet address and subsequently laundered through eXch, identified as a centralized mixer, with additional funds being bridged to Bitcoin via Chainflip.
eXch Declared Service Shutdown Effective by May 1
Following an initial denial of any role in laundering funds linked to the Bybit hack, an announcement was eventually made by eXch in a mid-April Bitcoin Talk post stating that its operations would be terminated by May 1.
It was stated by the platform that, although operations had continued despite several unsuccessful efforts to dismantle its infrastructure, there was no longer any justification to remain active in an adversarial environment where it had become the focus of Signals Intelligence (SIGINT) efforts, attributed to misunderstandings surrounding its intended objectives.
In response to the seizure, the significance of taking action against “rapid and anonymous avenues for laundering any amount of money” was emphasized by senior public prosecutor Benjamin Krause.
It was stated by him that crypto swapping serves as a critical element within the underground economy, utilized to obscure illicit funds derived from activities such as hacking or the trade of stolen payment card data, thereby rendering those assets accessible to offenders.
