Greece Cracks Down: $1.46B in Lazarus-Linked Crypto Frozen After Bybit Heist

Greek authorities just dropped the hammer on North Korea's infamous Lazarus Group—freezing a crypto fortune tied to their $1.46 billion Bybit hack. The digital dragnet tightens.

The Frozen Trail

Athens didn't blink when tracing the laundered funds through DeFi mixers. Now those ill-gotten gains are stuck in regulatory purgatory—where they belong.

Cybercrime Meets Old-School Policing

When blockchain sleuths handed Greece the evidence, prosecutors moved faster than a memecoin pump. Take note, Wall Street: this is how you actually 'protect investor assets.'

The message? Even in crypto's wild west, the long arm of the law still reaches. Lazarus might need a real miracle this time.

Greece Successfully Traces $1.46 Billion Hack by Lazarus Group

The attack on Bybit is believed to have been carried out by Lazarus, a North Korean hacking group known for sophisticated cyberattacks targeting crypto platforms.

The Bybit hack, referred to by the FBI as “TraderTraitor,” shocked the industry after the attackers stole approximately $1.46 billion worth of Ethereum. This amount surpasses the total value stolen by North Korea-linked groups throughout 2024, which was $1.34 billion, according to Chainalysis.

Following the incident, analysts from Chainalysis assisted the Hellenic AML Authority in tracing the funds. They also identified a wallet tied to a local exchange platform in Greece.

As a result, the suspicious assets were successfully frozen, marking the first cross-border recovery of funds from such a cyberattack. Greece’s Minister of National Economy and Finance, Kyriakos Pierrakakis, emphasized the role of blockchain technology and international collaboration in combating financial crime.

This development signals a positive shift for countries striving to regulate crypto assets while highlighting the industry’s increasing security risks.

Lazarus, previously responsible for incidents like the 2022 Axie Infinity hack ($620 million), continues to evolve. Within just two days of the Bybit breach, it demonstrated the ability to launder funds.

TRM Labs noted that the operation reflected a highly coordinated “flood the zone” tactic. This tactic involved executing rapid, multidirectional transactions designed to overwhelm surveillance and compliance systems.

“The Bybit exploit indicates that the regime is intensifying its ‘flood the zone’ technique—overwhelming compliance teams, blockchain analysts, and law enforcement agencies with rapid, high-frequency transactions across multiple platforms, thereby complicating tracking efforts,” TRM observed.

This illustrates the urgent need for tighter cooperation between regulators and blockchain analytics firms.

The incident also puts additional pressure on exchanges like Bybit to enhance security, especially as deposits on both DeFi and CeFi platforms rise sharply. According to DeFiLlama, total value locked (TVL) reached $121 billion globally as of July 2025.

Greece’s success may inspire similar efforts from countries such as South Korea and the United States. However, the process of tracking and seizing crypto assets remains challenging due to blockchain networks’ inherent anonymity.