The Laundromat – April Issue 2025
Welcome to the April Issue of The Laundromat!
One might think that the many legal and regulatory requirements in the EU would make money laundering significantly more difficult. Crypto exchanges, however, seem to be an exception and are still often decried as a safe haven for money laundering activities. What is probably the biggest theft to date, at the crypto exchange Bybit, seems to prove the doubters right, because North Korean cybercriminals are apparently now trying to launder the stolen funds, worth around $1.46 billion.
In this fourth edition of The Laundromat, we take a closer look at this spectacular case and report on others that prove that money laundering is an ongoing challenge for law enforcement and a major threat to global financial markets and economies.
Time and again, these cases also demonstrate the importance of cross-border cooperation and digital traceability.
🚨 The Bybit hack: How North Korean cybercriminals embarrassed investigating authorities and the operators of the crypto exchange provider Bybit
Bybit became the victim of the largest digital heist in history – not only because of the spectacular scale of the theft, but also because of the unprecedented speed, operational efficiency and professionalism of the perpetrators.
It is now known for certain that the North Korean hacker group Lazarus was behind it. During a routine transaction, these hackers tricked the Bybit executives from Dubai with a sophisticated attack using various techniques and thus stole the equivalent of 1.46 billion US dollars. Around 401,000 Ethereum crypto coins, which make up 90 percent of the loot, were then converted directly into Bitcoin and distributed among approximately 4,400 wallets.
Contrary to popular belief, transactions involving cryptocurrencies such as Bitcoin or Ethereum are not anonymous but can be traced in the publicly accessible blockchain database. However, according to Chainalysis' blockchain analysis, the Lazarus hackers distributed the stolen funds to the crypto wallets via numerous intermediate addresses after converting them into Bitcoin.
Bybit has responded by offering a $140 million bounty to anyone with information that will help it get back the stolen funds. However, by mid-March 2025, only $2.3 million of this had been paid out to 12 informants, as published on the Lazarus Bounty website.
Stealth methods that Lazarus presumably also used
The North Korean hacking group used various methods to conceal the origin of the stolen goods converted into Bitcoin, such as the decentralized protocol THORSwap. So-called no-KYC exchanges or instant exchange services, which do not require the identification of their customers in accordance with Know Your Customer (KYC) requirements, are also suspected to have been used.
Crypto mixers like Tornado Cash are becoming increasingly important in the crypto market – especially as tools for concealing illegal transactions. Such crypto mixers are used particularly often in decentralized finance and on the darknet. It is likely that the Lazarus hackers also used these tools to make the stolen cryptocurrencies untraceable. As can be read on Elliptic, the obfuscation process by Lazarus has probably only just begun, but hundreds of thousands of dollars’ worth of assets have already been sent via crypto mixers and the wallet provider Wasabi.
Whether the hackers will be able to convert their loot into fiat money (government-backed money) completely and in a timely manner remains questionable, as many crypto exchange platforms might now have been sensitized and will hopefully look more closely at suspicious transactions.
In our further reading section at the end of this newsletter, we have included a glossary entry on MiCA regulation, which provides an overview of the EU requirements for crypto markets to curb money laundering in this market.
🚨 Multi-million tax fraud and money laundering by the “Russian-Pontian Syndicate” uncovered
New revelations about a criminal network known as the “Russian-Pontian Syndicate” are currently causing a stir in Greece. A confidential report by the investigating authorities, which was handed over to the Greek anti-money laundering authority on March 10, 2025, reveals that the state has lost tax revenues of over 9.7 million euros due to cigarette smuggling and subsequent money laundering.
The syndicate invested the illegal proceeds in real estate, including the purchase of a beach hotel and a luxury villa in Halkidiki, as well as the construction of a hotel complex. One of the main suspects is associated with a company whose reported income is disproportionate to its registered capital of over 1 million euros.
Additional suspicions arose from transactions between companies in Crete, one based in Dubai, a one-man business in Thessaloniki and a network of suspected letterbox companies.
This case highlights how internationally organized networks use modern money-laundering structures – and how important cross-border cooperation and digital traceability are.
📰 In case you missed it: BaFin Risk Monitor 2025 and the example of Hawala Banking
In the March issue of our newsletter, we reported on virtual IBANs as a payment method that, with reference to the BaFin Risk Monitor 2025, poses a potentially higher risk in terms of money laundering from BaFin's point of view. Of course, the BaFin Risk Report 2025 highlights many other potential threats to the financial system.
Particularly in the wake of geopolitical conflicts, the informal payment method called “Hawala”, which has been practiced for many years, has increased worldwide, as BaFin also points out. Hawala works based on a “two-pot system” through middlemen, so-called “Hawaladars”, who operate without state authorization or supervision.
Hawala Banking operates without receipts, accounts or banks and is based on trust and confidentiality. Regulated money transfer offices are generally not used, which makes it more difficult to uncover the structures.
Hawaladars sometimes use this system to transfer large sums of money across national borders, which is why it can be assumed that this method is used to support terrorist financing, human trafficking, illegal immigration networks and many other criminal activities.
✨ Good News: Vietnam enforces strict checks on large domestic and international wire transfers
Since December 1, 2023, stricter anti-money laundering rules have been in force in Vietnam. Financial institutions must report cash transactions over 400 million VND, domestic transfers over 500 million VND and international transfers from 1,000 USD. Suspicious cases, such as unusually high transactions or activities in the gambling and real estate sectors, require additional identity checks.
And these new requirements are apparently having an effect, as a major money-laundering ring was recently uncovered in Da Lat (a city in Vietnam) that carried out illegal transactions of up to USD 1.2 million a day.
📚 Further reading
The European MiCA Regulation (“Markets in Crypto-Assets”) creates a regulatory framework for the area of crypto-assets in the EU with the aim of increasing investor protection and ensuring the markets can function properly. Get more insights into the MiCA Regulation here.
👋 Thanks for tuning in. See you around next month!
💬 Thoughts? Questions? We'd love to hear from you in our comment section!
Have you got a Web Version?