In a historic milestone for Greece’s fight against financial crime, the Hellenic Anti-Money Laundering Authority (HAML) executed the country’s first-ever cryptocurrency seizure, successfully recovering a portion of funds stolen in the massive $1.5 billion Bybit exchange hack of February 2025.
This breakthrough, announced on July 9, 2025, underscores the growing role of blockchain analytics in combating sophisticated cybercrime and highlights Greece’s emergence as a leader in crypto enforcement.
With assistance from Chainalysis, a blockchain analysis firm, and regional partner Performance Technologies, Greek authorities traced and froze illicit funds, setting a new standard for anti-money laundering (AML) efforts in the cryptocurrency space.
The Bybit hack, widely attributed to North Korea’s Lazarus Group, ranks as the largest cryptocurrency heist in history, surpassing previous records like the $611 million Poly Network theft in 2021.
Hackers exploited a vulnerability in Bybit’s security by manipulating a free software product, Safe, used for transaction approvals.
By injecting malicious JavaScript into the frontend code, attackers tricked Bybit’s CEO into signing a fraudulent transaction, siphoning approximately 401,000 ETH (valued at $1.5 billion) from the exchange’s Ethereum cold wallet to addresses under their control.
The stolen funds were then funneled through a complex web of intermediary wallets, decentralized exchanges (DEXs), and cross-chain bridges to obscure the trail.
The Hellenic Authority’s success stemmed from its proactive investment in advanced blockchain analytics.
In 2023, anticipating the rise of crypto-related crime, the Authority acquired Chainalysis Reactor, a powerful forensic tool capable of tracing transactions across over 25 blockchains, even through obfuscation tactics like mixers and bridge hops.
Supported by Performance Technologies, which provided training and operational expertise, HAML analysts were well-prepared when a suspicious transaction surfaced in May 2025.
Using Reactor, they mapped the flow of stolen ETH, linking a wallet on a Greek exchange to the Bybit hack’s primary wallets.
The irrefutable on-chain evidence enabled authorities to issue an emergency “Freezing Order,” halting the movement of the illicit funds.
The case has since been escalated to Greece’s prosecuting authority for further legal action.
This operation marks a turning point in global crypto crime enforcement.
The blockchain’s transparent ledger, while a tool for criminals, also provides law enforcement with a permanent digital trail.
Chainalysis Reactor’s ability to visualize complex transaction flows empowered Greek analysts to unravel the Lazarus Group’s sophisticated laundering scheme, which involved rapid, high-frequency transfers to overwhelm tracking efforts.
The seizure not only disrupted the hackers’ ability to profit but also demonstrated the efficacy of public-private partnerships.
Performance Technologies’ role in equipping HAML with cutting-edge tools and expertise mirrors successful models like the FBI’s crypto task forces, blending global technology with local enforcement.
The Bybit hack exposed vulnerabilities in centralized exchanges, prompting renewed scrutiny of security protocols.
North Korea-linked hackers, responsible for stealing over $5 billion in crypto since 2017, have increasingly targeted platforms like Bybit, exploiting weaknesses through phishing, supply chain attacks, and private key compromises.
The scale and speed of the Bybit heist— with over $400 million laundered within days—highlight the need for real-time threat detection and robust security measures.
Chainalysis’s acquisitions of AI-driven firms like Alterya and Hexagate aim to address these challenges by enhancing proactive fraud prevention.
Greek Finance Minister Kyriakos Pierrakakis hailed the seizure as a “blueprint” for modern financial defense, emphasizing its implications for global AML efforts.
The operation not only recover red stolen assets but also sent a strong message to cybercriminals: blockchain transparency, combined with advanced analytics, can dismantle even the most intricate schemes.
As cryptocurrencies gain mainstream adoption, Greece’s landmark seizure showcases the power of technology and international collaboration in safeguarding the digital economy.