More than a week after the U.S. tied one of the biggest cryptocurrency heists in history to a North Korean hacking group, digital-asset exchange Binance said it was able to recover about $5.8 million worth of the stolen loot that had made its way onto its platform in disguised form. The details of how it achieved this serve as notice for those who attempt to cash out ill-gotten cryptocurrency gains: It may only get harder.

The U.S. Treasury Department last week tied the North Korean hacking group Lazarus to the theft of more than $600 million worth of cryptocurrency from the Ronin software bridge, which is used by players of Axie Infinity to transfer crypto. The department identified an Ethereum wallet address tied to the group, adding it to its sanctions list. By working with external firms, Binance was able to trace stolen funds that were initially moved from the hackers' wallet to Tornado Cash—a service that allows for anonymous token transfers on the Ethereum blockchain—and then to its exchange.

"We coordinated with industry-leading blockchain analytics firms and immediately froze the funds when exposure to our platform was identified," the spokesperson said. The crypto was discovered in 86 different accounts on Binance's exchange, the firm's CEO, Changpeng "CZ" Zhao, said in a tweet.
