On July 10, Greek authorities executed the country's first cryptocurrency seizure operation, freezing part of the funds related to the Lazarus Group from North Korea in the record-breaking $1.5 billion Bybit theft in February this year.
The Greek Anti-Money Laundering Authority tracked a suspicious transaction flowing to a wallet that chain data indicated was linked to the original theft. According to Greek Minister of Economy and Finance Kyriakos Pierrakakis, the wallet was associated with a "Greek platform providing trading services". Analysts used the Chainalysis Reactor tool to map the fund flow, aiming to "clearly establish the connection between the cryptocurrency in the suspect user's wallet and the main wallet in the Bybit hacking incident".
With this evidence, the Anti-Money Laundering Authority was able to issue an asset freeze order, locking the funds before they could disappear. According to Pierrakakis, the Greek Anti-Money Laundering Authority's action has helped return approximately 10 million euros (about $11.7 million) to victims, though it is unclear whether this is directly related to this asset freeze.
Hackers previously transferred funds through mixers like Wasabi and Tornado Cash, cross-chain bridges, and peer-to-peer platforms. Bybit's public "LazarusBounty" dashboard shows that approximately $72 million (5% of the stolen Ethereum) has been frozen, with about one-third of the funds still traceable. According to the dashboard, approximately $870 million of the stolen funds have "completely disappeared".
