More than a week after the U.S. tied one of the biggest cryptocurrency heists in history to a North Korean hacking group, digital-asset exchange Binance said it was able to recover about $5.8 million worth of the stolen loot that had made its way onto its platform in disguised form. The details of how it achieved this serve as notice for those who attempt to cash out ill-gotten cryptocurrency gains: It may only get harder.

The U.S. Treasury Department last week tied the North Korean hacking group Lazarus to the theft of more than $600 million worth of cryptocurrency from the Ronin software bridge, which is used by players of Axie Infinity to transfer crypto. The department identified an Ethereum wallet address tied to the group, adding it to its sanction list. Binance was able to trace stolen funds that were initially moved from the hackers' wallet to Tornado Cash—a service that allows for anonymous token transfers on the Ethereum blockchain—and then to its exchange by working with external firms.

"We coordinated with industry-leading blockchain analytics firms and immediately froze the funds when exposure to our platform was identified," the spokesperson said. The crypto was discovered in 86 different accounts on Binance's exchange, the firm's CEO, Changpeng "CZ" Zhao, said in a tweet.