Key Takeaways
- According to investigators, the eXch platform had facilitated roughly $1.9 billion in digital asset transactions since its founding in 2014
- In its shutdown message, eXch argued that it was being targeted for its privacy-centric mission and criticized AML and KYC protocols as ineffective
German authorities have seized $38 million in crypto from eXch, a crypto platform accused of laundering funds linked to 2025 Bybit’s $1.4 billion hack. The announcement was made jointly by Germany’s Federal Criminal Police Office (BKA) and Frankfurt’s main public prosecutor’s office.
The enforcement action involved the confiscation of multiple crypto including Bitcoin, Ethereum, Litecoin, and Dash. According to investigators, the eXch platform had facilitated roughly $1.9 billion in digital asset transactions since its founding in 2014, with a portion of those transactions suspected to be tied to illicit sources.
Authorities said part of the stolen $1.4 billion in crypto from Bybit—attributed to the North Korean Lazarus Group—was funnelled through eXch. “The operators of eXch are therefore suspected of commercial money laundering and the operation of a criminal trading platform on the internet,” the BKA said in its translated statement.
Described as a crypto “swapping” service, eXch allowed users to trade between various digital assets without implementing standard Anti-Money Laundering (AML) protocols. German officials said this lack of compliance made the platform a haven for criminal transactions. The seizure marks the third-largest cryptocurrency confiscation in the BKA’s history.
The eXch platform had preemptively announced in April that it would shut down by May 1, claiming a “transatlantic operation” was underway to dismantle its infrastructure and prosecute its team. Despite the short notice, German authorities were able to secure over eight terabytes of server data as evidence.
In its shutdown message, eXch argued that it was being targeted for its privacy-centric mission and criticized AML and KYC protocols as ineffective. “Privacy is not a crime,” the platform stated. “Any instant exchangers that screen their customer deposits using third-party APIs and appeal to nonsensical AML/KYC terms are far from preventing money laundering and terrorism.”
Crypto investigator ZachXBT identified eXch as a key player in laundering millions in stolen assets from multiple hacks, including those affecting FixedFloat, Multisig, and the $243 million Genesis creditor breach. In a post on Telegram dated February 22, ZachXBT noted that 5,000 ETH from the Bybit hack had been sent through eXch and bridged to Bitcoin using Chainflip.
After initial denials of involvement, eXch confirmed in mid-April that it would cease operations due to “hostile” conditions, alleging surveillance and interference with its infrastructure.
“Even though we have been able to operate despite some failed attempts to shut down our infrastructure, we don’t see any point in operating in a hostile environment where we are the target of SIGINT simply because some people misinterpret our goals,” it wrote.
The latest development comes amid German law enforcement cracking down on crypto laundering efforts. Last year, authorities seized 47 crypto exchange services hosted in the country that indulged in illegal money laundering