eXch Shuts Down as Bybit Cuts Web3 Services After Historic Hack
Cryptocurrency exchange eXch has announced it will cease operations on May 1 following allegations that it was used to launder funds tied to the $1.4 billion Bybit hack, reportedly involving North Korea’s Lazarus Group. The decision comes amid mounting pressure from international investigations and internal concerns over operating in an increasingly hostile environment.
Meanwhile, Bybit, the direct victim of the February exploit, is moving to streamline its operations by shutting down a wide range of Web3 services, including its wallets, NFT marketplace, and decentralized exchange.
Crypto Exchange eXch to Shut Down Amid Allegations of Laundering Funds From Historic Bybit Hack
Crypto exchange eXch has announced it will permanently cease operations on May 1, following explosive allegations linking the platform to one of the largest crypto thefts in history — the $1.4 billion Bybit exploit.
In a public notice published on April 17, the embattled platform cited mounting international pressure and internal consensus as primary drivers for its decision to shut down.
According to the statement, the exchange’s management voted to “cease and retreat” after a series of reports alleged that North Korea’s notorious Lazarus Group used eXch to launder roughly $35 million of the stolen assets. The company said it is now the subject of “an active transatlantic operation,” possibly involving intelligence agencies, which seeks to dismantle the exchange’s infrastructure and bring criminal charges against individuals connected to it.
“Even though we have been able to operate despite some failed attempts to shut down our infrastructure... we don’t see any point in operating in a hostile environment where we are the target of SIGINT [Signals Intelligence],” the company’s statement read.
Ties to the Lazarus Group: Denial, Then Concession
The Lazarus Group, a state-sponsored hacking syndicate tied to the North Korean regime, has been responsible for numerous cyberattacks on financial institutions and crypto platforms. Initially, eXch denied any involvement with the Lazarus Group following accusations from prominent blockchain investigators. However, the platform later admitted to unknowingly processing what it called an “insignificant portion” of the hacked funds.
While the platform’s leaders maintained that they were unaware of the origins of the tainted assets, critics argued that the exchange’s lax compliance and privacy-first posture created an ideal laundering route for cybercriminals. In its farewell message, eXch took aim at industry peers, claiming that exchanges which comply with strict anti-money laundering (AML) standards are “abusing customers with nonsensical policies.”
This stance, the company argued, positioned eXch as a target — not just for regulators, but for sophisticated intelligence networks that have allegedly attempted to compromise or disable its systems.
The wider saga began with the February 2025 hack of Bybit, which rapidly escalated into the largest digital asset heist in history. The attackers siphoned off $1.4 billion from the platform, triggering a massive wave of withdrawals that totaled over $5 billion in the days that followed. Bybit CEO Ben Zhou attempted to calm user fears by assuring the public that the company had sufficient funds to cover losses if recovery efforts fell short.
Bybit offered more than $2 million in rewards for information leading to the recovery or freezing of stolen assets. As of April 10, the exchange had managed to claw back enough credibility to return to its pre-hack market share of roughly 7%.
Privacy vs. Compliance: An Industry at a Crossroads
The shutdown of eXch raises pressing questions about the balance between user privacy and regulatory oversight in the cryptocurrency ecosystem. While many decentralized and privacy-focused platforms position themselves as defenders of financial freedom, their resistance to implementing stricter AML and Know Your Customer (KYC) protocols has made them ripe targets for abuse by bad actors.
The Lazarus Group’s continued targeting of under-regulated platforms sheds light on the geopolitical dimension of cryptocurrency crime — a landscape where hacking isn’t just about profit, but also about state strategy. The group has been previously linked to the 2017 WannaCry ransomware attack and the $600 million Axie Infinity (Ronin Network) hack in 2022.
Bybit Winds Down Web3 Services Amid Strategic Overhaul Following $1.4B Hack
Meanwhile, crypto exchange giant Bybit is taking another bold step in its post-hack restructuring strategy, announcing it will terminate nearly all of its Web3 services by May 31, including its multi-chain decentralized exchange, loyalty rewards program, and popular wallet features. The move follows the earlier shutdown of its non-fungible token (NFT) marketplace and comes just months after the catastrophic $1.4 billion exploit rocked the platform.
In an April 16 statement, Bybit confirmed the phased sunset of key Web3 components, signaling a dramatic pivot away from its previously expansive on-chain ecosystem. “We will be optimizing our current Web3 product and service offerings to focus on delivering high-quality services to our users,” the company said.
The sweeping shutdown includes Cloud Wallet, a hosted custodial wallet for user assets, and Keyless Wallet, a non-custodial option based on multiparty computation that eliminated the need for seed phrases — a flagship security product in Bybit’s Web3 suite. Both wallets will be decommissioned on May 31.
Additionally, Bybit will shut down:
DEX Pro, its multi-chain decentralized exchange
Swap & Bridge, a cross-chain swapping widget
Web3 Points, its loyalty program that rewarded on-chain activity with fee discounts and airdrop boosts
NFT Pro, a decentralized NFT marketplace
Inscription Marketplace, focused on digital artifacts and Bitcoin inscriptions
Fiat-to-Crypto On-Ramp, the gateway for new crypto entrants
Apex Pro Gateway, which allowed users access to a derivatives-focused DEX
Initial DEX Offering (IDO) service, used for early-stage token fundraising
The final shutdown date for these services is April 28, with all user data and assets expected to be safely retrievable or migrated prior to that date.
Strategic Refocusing: Back to Core Competencies
The decision to trim its Web3 ambitions appears to be a direct response to the immense operational stress caused by the February hack.
Although CEO Ben Zhou assured users at the time that the exchange was “solvent” and able to cover the full loss — with all client assets backed 1:1 — the fallout has pushed Bybit into a leaner, more focused strategy.
While the closures represent a retreat from its prior Web3 roadmap, Bybit is not turning its back entirely on crypto innovation. The exchange has recently partnered with Avalon, a Bitcoin-based yield protocol, to offer BTC yield products on its platform. The integration enables users to earn fixed returns through arbitrage opportunities within Avalon’s institutional-grade lending network.
This selective approach hints that Bybit is moving from building its own Web3 infrastructure to leveraging external protocols that are already optimized for specific use cases.
Bybit’s decision mirrors similar moves by other major crypto players in 2025. Earlier this month, NFT marketplace X2Y2 also shut down operations amid declining volumes and rising compliance costs. The once-hyped NFT space has faced a sharp contraction as speculative interest fades and regulatory scrutiny intensifies.
Despite rumors that Bybit has begun charging up to $1.4 million to list tokens on its centralized exchange — a claim made by an anonymous user on X — the company strongly denied the accusation. The exchange insists its listing process remains merit-based and subject to rigorous due diligence.
A Market Recovery and a Reputation to Rebuild
Despite the hack, Bybit’s market share has already rebounded, signaling a resilient user base and strong institutional trust. Much of this recovery has been attributed to aggressive bounty programs, forensic investigations, and operational transparency in the aftermath of the hack.
Bybit has paid over $2 million to bounty hunters who helped trace and freeze a portion of the stolen funds. By mid-March, approximately 89% of the $1.4 billion had been either recovered or frozen.
The platform's decision to narrow its focus could further solidify its core offerings, especially at a time when crypto regulation, security, and reliability are becoming key differentiators in the eyes of both retail and institutional investors.
eXch Shuts Down as Bybit Cuts Web3 Services After Historic Hack
Cryptocurrency exchange eXch has announced it will cease operations on May 1 following allegations that it was used to launder funds tied to the $1.4 billion Bybit hack, reportedly involving North Korea’s Lazarus Group. The decision comes amid mounting pressure from international investigations and internal concerns over operating in an increasingly hostile environment.
Meanwhile, Bybit, the direct victim of the February exploit, is moving to streamline its operations by shutting down a wide range of Web3 services, including its wallets, NFT marketplace, and decentralized exchange.
Crypto Exchange eXch to Shut Down Amid Allegations of Laundering Funds From Historic Bybit Hack
Crypto exchange eXch has announced it will permanently cease operations on May 1, following explosive allegations linking the platform to one of the largest crypto thefts in history — the $1.4 billion Bybit exploit.
In a public notice published on April 17, the embattled platform cited mounting international pressure and internal consensus as primary drivers for its decision to shut down.
According to the statement, the exchange’s management voted to “cease and retreat” after a series of reports alleged that North Korea’s notorious Lazarus Group used eXch to launder roughly $35 million of the stolen assets. The company said it is now the subject of “an active transatlantic operation,” possibly involving intelligence agencies, which seeks to dismantle the exchange’s infrastructure and bring criminal charges against individuals connected to it.
“Even though we have been able to operate despite some failed attempts to shut down our infrastructure... we don’t see any point in operating in a hostile environment where we are the target of SIGINT [Signals Intelligence],” the company’s statement read.
Ties to the Lazarus Group: Denial, Then Concession
The Lazarus Group, a state-sponsored hacking syndicate tied to the North Korean regime, has been responsible for numerous cyberattacks on financial institutions and crypto platforms. Initially, eXch denied any involvement with the Lazarus Group following accusations from prominent blockchain investigators. However, the platform later admitted to unknowingly processing what it called an “insignificant portion” of the hacked funds.
While the platform’s leaders maintained that they were unaware of the origins of the tainted assets, critics argued that the exchange’s lax compliance and privacy-first posture created an ideal laundering route for cybercriminals. In its farewell message, eXch took aim at industry peers, claiming that exchanges which comply with strict anti-money laundering (AML) standards are “abusing customers with nonsensical policies.”
This stance, the company argued, positioned eXch as a target — not just for regulators, but for sophisticated intelligence networks that have allegedly attempted to compromise or disable its systems.
The wider saga began with the February 2025 hack of Bybit, which rapidly escalated into the largest digital asset heist in history. The attackers siphoned off $1.4 billion from the platform, triggering a massive wave of withdrawals that totaled over $5 billion in the days that followed. Bybit CEO Ben Zhou attempted to calm user fears by assuring the public that the company had sufficient funds to cover losses if recovery efforts fell short.
Bybit offered more than $2 million in rewards for information leading to the recovery or freezing of stolen assets. As of April 10, the exchange had managed to claw back enough credibility to return to its pre-hack market share of roughly 7%.
Privacy vs. Compliance: An Industry at a Crossroads
The shutdown of eXch raises pressing questions about the balance between user privacy and regulatory oversight in the cryptocurrency ecosystem. While many decentralized and privacy-focused platforms position themselves as defenders of financial freedom, their resistance to implementing stricter AML and Know Your Customer (KYC) protocols has made them ripe targets for abuse by bad actors.
The Lazarus Group’s continued targeting of under-regulated platforms sheds light on the geopolitical dimension of cryptocurrency crime — a landscape where hacking isn’t just about profit, but also about state strategy. The group has been previously linked to the 2017 WannaCry ransomware attack and the $600 million Axie Infinity (Ronin Network) hack in 2022.
Bybit Winds Down Web3 Services Amid Strategic Overhaul Following $1.4B Hack
Meanwhile, crypto exchange giant Bybit is taking another bold step in its post-hack restructuring strategy, announcing it will terminate nearly all of its Web3 services by May 31, including its multi-chain decentralized exchange, loyalty rewards program, and popular wallet features. The move follows the earlier shutdown of its non-fungible token (NFT) marketplace and comes just months after the catastrophic $1.4 billion exploit rocked the platform.
In an April 16 statement, Bybit confirmed the phased sunset of key Web3 components, signaling a dramatic pivot away from its previously expansive on-chain ecosystem. “We will be optimizing our current Web3 product and service offerings to focus on delivering high-quality services to our users,” the company said.
The sweeping shutdown includes Cloud Wallet, a hosted custodial wallet for user assets, and Keyless Wallet, a non-custodial option based on multiparty computation that eliminated the need for seed phrases — a flagship security product in Bybit’s Web3 suite. Both wallets will be decommissioned on May 31.
Additionally, Bybit will shut down:
DEX Pro, its multi-chain decentralized exchange
Swap & Bridge, a cross-chain swapping widget
Web3 Points, its loyalty program that rewarded on-chain activity with fee discounts and airdrop boosts
NFT Pro, a decentralized NFT marketplace
Inscription Marketplace, focused on digital artifacts and Bitcoin inscriptions
Fiat-to-Crypto On-Ramp, the gateway for new crypto entrants
Apex Pro Gateway, which allowed users access to a derivatives-focused DEX
Initial DEX Offering (IDO) service, used for early-stage token fundraising
The final shutdown date for these services is April 28, with all user data and assets expected to be safely retrievable or migrated prior to that date.
Strategic Refocusing: Back to Core Competencies
The decision to trim its Web3 ambitions appears to be a direct response to the immense operational stress caused by the February hack.
Although CEO Ben Zhou assured users at the time that the exchange was “solvent” and able to cover the full loss — with all client assets backed 1:1 — the fallout has pushed Bybit into a leaner, more focused strategy.
While the closures represent a retreat from its prior Web3 roadmap, Bybit is not turning its back entirely on crypto innovation. The exchange has recently partnered with Avalon, a Bitcoin-based yield protocol, to offer BTC yield products on its platform. The integration enables users to earn fixed returns through arbitrage opportunities within Avalon’s institutional-grade lending network.
This selective approach hints that Bybit is moving from building its own Web3 infrastructure to leveraging external protocols that are already optimized for specific use cases.
Bybit’s decision mirrors similar moves by other major crypto players in 2025. Earlier this month, NFT marketplace X2Y2 also shut down operations amid declining volumes and rising compliance costs. The once-hyped NFT space has faced a sharp contraction as speculative interest fades and regulatory scrutiny intensifies.
Despite rumors that Bybit has begun charging up to $1.4 million to list tokens on its centralized exchange — a claim made by an anonymous user on X — the company strongly denied the accusation. The exchange insists its listing process remains merit-based and subject to rigorous due diligence.
A Market Recovery and a Reputation to Rebuild
Despite the hack, Bybit’s market share has already rebounded, signaling a resilient user base and strong institutional trust. Much of this recovery has been attributed to aggressive bounty programs, forensic investigations, and operational transparency in the aftermath of the hack.
Bybit has paid over $2 million to bounty hunters who helped trace and freeze a portion of the stolen funds. By mid-March, approximately 89% of the $1.4 billion had been either recovered or frozen.
The platform's decision to narrow its focus could further solidify its core offerings, especially at a time when crypto regulation, security, and reliability are becoming key differentiators in the eyes of both retail and institutional investors.