Greek authorities have executed the country's first cryptocurrency seizure, freezing some of the funds linked to the record $1.5 billion Bybit theft in February of this year, which was attributed to the North Korean Lazarus Group.

The Greek Anti-Money Laundering Authority tracked a suspicious transaction to a wallet, with on-chain data suggesting the wallet was linked to the initial theft. According to Greek Economy and Finance Minister Kyriakos Pierrakakis, the wallet is linked to a "Greek platform providing transaction services." Analysts used the Chainalysis Reactor tool to map the flow of funds to "clearly establish the connection between the cryptocurrency in the suspect user's wallet and the main wallet in the Bybit hack."

With this evidence, the Anti-Money Laundering Authority was able to issue an asset freeze order, locking the funds before they disappeared. According to Pierrakakis, the actions of the Greek Anti-Money Laundering Authority have helped return approximately 10 million euros (approximately $11.70 million) to the victims, although it is unclear whether this is directly related to the frozen assets.

Hackers have previously transferred funds through mixers such as Wasabi and Tornado Cash, cross-chain bridges, and peer-to-peer platforms. Bybit's public "LazarusBounty" dashboard shows that approximately $72.00 million (or 5% of the stolen Ethereum) has been frozen to date, and approximately one-third of the funds are still traceable. According to the dashboard, approximately $870.00 million of the stolen funds have "completely disappeared."