Pierluigi Paganini
May 12, 2025
On April 30, 2025, Germany’s Federal Criminal Police (BKA) shut down the eXch crypto exchange (eXch.cx), seizing its infrastructure over money laundering and illegal trading allegations. ZIT, BKA, and Dutch FIOD led the operation, expecting the evidence to aid other cybercrime investigations.
The law enforcement published the following notice on the seized platform.
The German law enforcement seized €34M in crypto and 8TB of data from the platform, marking its third-largest crypto asset seizure ever.
The crypto exchange has been active since 2014, enabling anonymous crypto swaps via clearnet and darknet, avoiding Anti Money Laundering rules. The authorities suspect the platform allowed laundering $1.9B.
“Users were neither required to identify themselves to the service, nor was user data stored there. Crypto swapping via eXch was therefore particularly suitable for concealing financial flows. Since the service was launched, crypto assets worth an estimated 1.9 billion US dollars have been transferred. There is suspicion that eXch, in particular, accepted Bitcoin of criminal origin.” reads the press release published by BKA. “Among other things, a portion of the 1.5 billion US dollars stolen from the crypto exchange Bybit, which was hacked on February 21, 2025, is said to have been exchanged via eXch.”
In February, 2025, Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever.
eXch announced it would shut down on May 1, 2025, but authorities acted swiftly, seizing data and crypto assets.
“Recently, we received confirmation of information we had previously, thanks to some friends we have even in the state intelligence sector, that our project is the subject of an active transatlantic operation aimed at forcibly shutting our project down and prosecuting us for “money laundering and terrorism.
Even though we have been able to operate despite some failed attempts to shutdown our infrastructure (attempts that have also been confirmed to be part of this operation), we don’t see any point in operating in a hostile environment where we are the target of SIGINT simply because some people misinterpret our goals.” eXch operators wrote on the BitcoinTalk forum. “Starting from the date of the merger with a new management team this month, and as a result of some urgent meetings, the majority of us voted to cease and retreat instead of going against strong winds, because none of us want to cause any harm to innocent people or this forum.”
“Crypto swapping is an essential component of the underground economy, used to conceal incriminated funds from illegal activities such as hacking or trading in stolen payment card data, thus making them available to criminals.” Dr. Benjamin Krause, Chief Public Prosecutor at the Central Intelligence Agency
(ZIT) said. “It is therefore all the more important that law enforcement agencies consistently take action against such quick and anonymous opportunities for money laundering of any amount and deprive criminals of the proceeds of the crime.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, eXch crypto exchange)
