Authorities in Greece have identified a local connection to one of the largest crypto heists in history, the staggering $1.5 billion Bybit platform theft that occurred in February 2024.
An investigation by the Anti-Money Laundering Authority led to the freezing of a Greek user’s cryptocurrency wallet after it was found to have received a significant amount of Ethereum directly traceable to the illicit funds.
The discovery marks the first time a clear Greek footprint has emerged in a digital financial crime of such immense scale.
The breakthrough came weeks ago when the Anti-Money Laundering Authority’s specialized analysts detected an unusual transaction: a large influx of Ethereum into an account on a registered cryptocurrency exchange platform in Greece. Further scrutiny revealed the “digital money” had traversed a complex path originating from the infamous Bybit theft. A prosecutor’s order swiftly followed, leading to the immediate freezing of the user’s digital wallet.
Ethereum (ETH) is the world’s second-most widespread cryptocurrency after Bitcoin. However, it’s more than just a digital currency; it’s a sophisticated digital platform that underpins various applications, from smart contracts to decentralized banking services.
Cryptocurrencies like Ethereum are stored in “digital wallets” (crypto wallets), which function similarly to bank accounts but operate without a traditional financial institution. Access to these funds requires a “private key,” a password-like identifier. While the wallet address is public, it does not disclose the owner’s identity, making tracing transactions a complex task for law enforcement.
Bybit, a prominent international cryptocurrency exchange, became the target of a massive cyberattack in February 2024. Hackers infiltrated the company’s “cold wallets”—offline storage devices typically used for enhanced security—and siphoned off cryptocurrencies valued at approximately $1.5 billion.
U.S. authorities, particularly the FBI, have attributed the attack to the notorious Lazarus Group, a hacking collective linked to the North Korean government, which is known to engage in financial cybercrime to fund its nuclear program. On February 26, the FBI issued a public alert, providing specific digital wallet addresses associated with the stolen funds and urging global platforms to identify and freeze related assets.
The connection with Greece emerged from what initially appeared to be a routine transaction. The Anti-Money Laundering Authority’s systems flagged suspicious capital movements, specifically a substantial amount of Ethereum credited to a Greek user’s digital wallet.
Leveraging advanced blockchain analysis software, the Authority’s trained analysts “untangled the knot.” Their digital checks revealed that the funds did not originate from a legitimate commercial transaction or crypto market. Instead, they traced back to a specific “traffic path” of transactions previously identified by the FBI.
This path pointed directly to one of the Ethereum wallets involved in the laundering of the $1.5 billion stolen from Bybit. The digital currencies had been fragmented and moved through numerous intermediary wallets, with a portion ultimately reaching the Greek user’s account.
The transparency of the blockchain enabled this tracing: every transaction is publicly recorded (sender, receiver, time, and amount), even though the owners behind the addresses are not named. Tools like Chainalysis, Elliptic, and TRM Labs allowed authorities to map these financial flows with remarkable precision, even when broken into hundreds of smaller transfers.
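The kind of forward tracing described above can be sketched in a few lines. This is an added example, not code from the Authority or from any of the tools named: the ledger, addresses and amounts are constructed placeholders, and the proportional ("haircut") taint rule is an assumption chosen for illustration, one of several heuristics analysts use.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed sample data: placeholder addresses and amounts, not real ones.
# Each row holds what a public chain records: (time, sender, receiver, ETH amount).
LEDGER = [
    (1, "0xFLAGGED", "0xHOP1", 600),
    (1, "0xFLAGGED", "0xHOP2", 400),
    (2, "0xMARKET", "0xHOP2", 400),       # clean funds mixed in at an intermediary
    (3, "0xHOP1", "0xHOP3", 300),
    (4, "0xHOP2", "0xHOP3", 200),
    (5, "0xHOP3", "0xVASP_USER", 100),    # deposit at a monitored platform
    (6, "0xMARKET", "0xVASP_OTHER", 50),  # unrelated deposit
]

def trace(ledger, flagged, seed):
    """Carry taint forward in time order, splitting it pro rata on every transfer."""
    balance, tainted, first_source = defaultdict(Fraction), defaultdict(Fraction), {}
    for addr in flagged:
        balance[addr] = tainted[addr] = Fraction(seed)
    for _, src, dst, amount in sorted(ledger):
        amount = Fraction(amount)
        if amount <= 0:
            continue
        if balance[src] < amount:
            # Sender's earlier history is outside the sample: assume the shortfall is clean.
            balance[src] = amount
        moved = amount * tainted[src] / balance[src]
        balance[src] -= amount
        tainted[src] -= moved
        balance[dst] += amount
        tainted[dst] += moved
        if moved and dst not in flagged and dst not in first_source:
            first_source[dst] = src       # remember who first passed taint here
    return tainted, first_source

def flag_deposits(ledger, flagged, seed, watched):
    """Return {address: (tainted ETH, path from a flagged address)} for watched wallets."""
    tainted, first_source = trace(ledger, flagged, seed)
    hits = {}
    for addr in watched:
        if tainted[addr] > 0:
            path = [addr]
            while path[-1] in first_source:
                path.append(first_source[path[-1]])
            hits[addr] = (tainted[addr], path[::-1])
    return hits

if __name__ == "__main__":
    print(flag_deposits(LEDGER, {"0xFLAGGED"}, 1000, ["0xVASP_USER", "0xVASP_OTHER"]))
```

Only the deposit that inherits part of the flagged balance is reported, together with the chain of intermediary wallets it arrived through; the unrelated deposit carries no taint and is not flagged.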
The discovery that one of the recipient wallets was linked to a Greek user registered with a Virtual Asset Service Provider (VASP) in Greece immediately activated the Authority’s internal protocol.
The wallet was promptly frozen, and the findings of the investigation were forwarded to the Prosecutor’s Office to examine any potential criminal liability or cooperation of the user with international networks.
At this stage, there is no indication that the Greek individual was aware of the precise origin of the digital funds received, but authorities are exploring all possibilities, including whether the user inadvertently served as an “intermediate link” in a global digital money laundering chain.