German police seized €34 million ($38 million) in crypto from the platform eXch on May 8. This was part of an ongoing investigation into the alleged use of eXch for laundering funds stolen during Bybit’s record-breaking $1.4 billion hack in February 2025.
Germany’s Federal Criminal Police Office (BKA) and Frankfurt’s main prosecutor’s office announced the seizure, which marks the third-largest crypto confiscation in the BKA’s history. The seized crypto includes a mix of assets such as Bitcoin (BTC), Ether (ETH), Litecoin (LTC), and Dash (DASH).
The authorities also seized over eight terabytes of data stored on eXch’s German server infrastructure, effectively shutting down the platform.
The BKA stated that a large portion of the Bybit exploit’s proceeds was funneled through eXch, making the platform an important player in the network of illicit crypto transactions.
eXch’s Role in Crypto Laundering and its Unlawful Operations
Launched in 2014, eXch marketed itself as a privacy-centric “swapping” service, offering users the ability to exchange crypto assets across various blockchains without requiring identity verification or adhering to Anti-Money Laundering (AML) regulations.
This noncompliance made it a magnet for criminals looking to “wash” stolen funds and conceal their origins through obfuscation tactics such as token hopping, cross-chain bridges, and multiple wallets.
According to the BKA’s findings, eXch was used in laundering over €1.75 billion ($1.9 billion) worth of crypto, a large portion of which is suspected to originate from criminal activities.
Crypto security analyst ZachXBT, who has previously exposed some of the industry’s largest hacks and laundering operations, confirmed that eXch also played a major role in processing funds from other high-profile incidents.
Source: ZachXBT
This includes the multisig wallet exploits, FixedFloat exchange-related laundering, the $243 million Genesis creditor heist, and numerous phishing drainers and rug pulls over the past few years.
ZachXBT further revealed that eXch ignored repeated warnings, refused to block malicious wallet addresses, and did not comply with freeze orders issued by regulators or intelligence-led investigators.
Additionally, according to ZachXBT’s February 22 Telegram post, even the North Korean Lazarus Group allegedly used eXch to launder over 5,000 ETH stolen from the Bybit hack.
This detail links eXch to state-sponsored cybercrime, which elevates the geopolitical importance of the investigation.
Platform Denial, Sudden Shutdown, and Official Response
In April, eXch denied helping launder stolen funds for the Lazarus Group. It said only a small portion of the Bybit hack funds passed through its system.
Soon after, the platform announced it would shut down by May 1, blaming increasing pressure and signals intelligence targeting its servers.
However, eXch’s shutdown didn’t last. On April 27, the suspension notice disappeared, and the site resumed operations.
A report from TRM Labs revealed that eXch never really shut down. While its websites went offline, its backend API stayed active. This allowed users to continue moving funds using eXch’s signature laundering method, which involves mixing funds in pools that hide where the money comes from.
TRM found that eXch was still being used by criminal groups, including the Lazarus Group and those linked to child sexual abuse material (CSAM).
Over $300,000 connected to CSAM has passed through eXch, with more expected. The system also made it hard to tell which funds were clean or criminal.
The post eXch Crackdown: German Police Seize $38M Linked to $1.4B Bybit Hack appeared first on Cryptonews.
