Greece Seizes Crypto Linked to $1.5B Bybit Hack Tied to Lazarus Group

Greece has conducted its first-ever cryptocurrency seizure, targeting funds stolen in the $1.5 billion Bybit hack that occurred in February and was allegedly orchestrated by North Korea’s Lazarus Group. The Hellenic Anti-Money Laundering Authority traced a suspicious transaction to a wallet connected to the theft using on-chain analysis tools. The wallet, according to Minister of Economy and Finance Kyriakos Pierrakakis, was linked to a Greek crypto exchange platform.

Investigators leveraged Chainalysis Reactor to track the flow of the stolen funds, successfully establishing a direct connection between the suspect’s wallet and the primary addresses used in the Bybit breach. This allowed authorities to issue a freezing order, securing the assets before they could be laundered or moved further.

While Pierrakakis noted that the anti-money laundering unit has facilitated the return of approximately €10 million (around $11.7 million) to victims, it remains unclear if this recent seizure is included in that total. The Lazarus Group has historically used tools such as Wasabi Wallet, Tornado Cash, cross-chain bridges, and peer-to-peer exchanges to obscure their transactions and launder stolen crypto.

Bybit’s “LazarusBounty” dashboard reports that about $72 million—roughly 5% of the stolen ether—has been frozen to date. Another third of the funds remain traceable, while a staggering $870 million has gone completely dark on-chain.

The unprecedented crypto asset freeze by Greek authorities highlights growing global efforts to combat crypto-related cybercrime, especially as state-sponsored groups like Lazarus continue to exploit DeFi and cross-chain technologies.