eXch Shuts Down After Alleged $1.4B Bybit Hack Laundering

Cryptocurrency exchange eXch has announced its decision to shut down operations on May 1, 2025, following allegations that it was involved in laundering funds from a significant hack of the cryptocurrency exchange Bybit. The hack, which occurred in February, resulted in the theft of approximately $1.4 billion in cryptocurrency. eXch, known for its privacy-focused approach and lack of Know Your Customer (KYC) procedures, has been under intense scrutiny from international investigators who suspect that the platform was used to launder a portion of the stolen funds.

The allegations against eXch are severe, with reports indicating that the exchange facilitated the laundering of around 90,000 Ethereum (ETH) from the Bybit hack. This has led to mounting pressure from investigators, who have been tracking the movements of the stolen funds and their connection to eXch. The exchange's decision to shut down comes as a result of this pressure, as well as the broader implications of being linked to North Korea's notorious Lazarus Group, a cybercriminal organization known for its involvement in high-profile hacks and cyberattacks.

The Lazarus Group, which has been accused of laundering funds through eXch, is a state-sponsored hacking group based in North Korea. The group has been implicated in numerous cybercrimes, including the 2014 Sony Pictures hack and the 2017 WannaCry ransomware attack. The connection between eXch and the Lazarus Group has raised concerns about the potential for state-sponsored cybercrime to infiltrate the cryptocurrency industry, and has highlighted the need for greater regulation and oversight in the sector.

eXch's decision to shut down is a significant development in the ongoing investigation into the Bybit hack, and underscores the challenges faced by cryptocurrency exchanges in maintaining the privacy and security of their users. The exchange's lack of KYC procedures has made it a target for cybercriminals, who have exploited its anonymity to launder stolen funds. The shutdown of eXch is likely to have a ripple effect throughout the cryptocurrency industry, as other exchanges come under increased scrutiny and pressure to implement more robust security measures.

The closure of eXch also raises questions about the future of privacy-focused cryptocurrency exchanges, which have long been a contentious issue in the industry. While some argue that these exchanges are essential for protecting user privacy, others contend that they facilitate illegal activities and undermine the integrity of the cryptocurrency market. The allegations against eXch have only served to intensify this debate, and have highlighted the need for a more nuanced approach to regulating privacy-focused exchanges.

eXch CEO Johann Roberts stated that the decision to shut down was spurred by a "verified whistleblower from the DOJ" who provided "enough real data." The exchange cited an "active transatlantic operation" targeting its infrastructure and potentially pursuing money laundering and terrorism charges against its team. eXch will continue to provide API access to partners until May 1. After that, a new management team will determine its future operations.

In February, the FBI linked North Korea's infamous Lazarus Group to the Bybit incident. Days after the hack, eXch CEO Johann Roberts responded to questions regarding allegations from investigative groups blaming it for processing funds, despite Bybit's repeated requests to block the transactions. At the time, on-chain investigators observed "an abnormal spike" in Ethereum volume through the platform immediately following the theft. eXch initially denied those allegations, stating that it was not laundering money for Lazarus/DPRK. The exchange claimed this was due to outdated data from its third-party AML screening provider, which took roughly 12 hours to update info on the hacked addresses.

eXch later acknowledged in an emailed statement that it had processed "vastly a minor part" from the batch of Ethereum (approximately 90,000), laundered through "multiple centralized and decentralized services" out of a total of 401,346 ETH stolen from Bybit. eXch argued at the time that their refusal to cooperate with Bybit was due to its "direct attacks" on eXch's reputation in the past. eXch also claimed that Elliptic refused them as a customer because they were a "non-KYC accountless exchange" operating to "preserve privacy" for its users. Such a situation "reflects not only our challenges, but also broader issues within the industry, particularly the elitist policies of certain companies," Roberts said.

For its curtain call, eXch criticized other exchanges' AML practices as "nonsensical policies" and argued that screening mechanisms can be "easily bypassed." The closure of eXch is a significant development in the ongoing investigation into the Bybit hack, and underscores the challenges faced by cryptocurrency exchanges in maintaining the privacy and security of their users. The exchange's connection to the Lazarus Group has raised concerns about the potential for state-sponsored cybercrime to infiltrate the cryptocurrency industry, and has highlighted the need for greater regulation and oversight in the sector. The closure of eXch is likely to have a ripple effect throughout the cryptocurrency industry, as other exchanges come under increased scrutiny and pressure to implement more robust security measures.