Binance Recovers $5.8M from North-Korean Hackers Attempting to Launder Money
Image courtesy of 123rf.

Binance Recovers $5.8M from North-Korean Hackers Attempting to Launder Money

Binance has recovered $5.8 million worth of crypto linked to Axie Infinity’s Ronin Bridge hack.
Neither the author, Ruholamin Haqshanas, nor this website, The Tokenist, provide financial advice. Please consult our website policy prior to making financial decisions.

Binance, the largest crypto exchange by market cap, has reportedly recovered around $6 million worth of crypto stolen from Axie Infinity’s Ronin Bridge last month purported by the North Korea-backed Lazarus group. The incident is yet another indication that it is getting harder for bad actors to launder money in crypto. 

Binance Recovers $5.8M from North Korean Hackers Behind Ronin Bridge Hack

Binance has managed to recover $5.8 million worth of crypto after Lazarus, the North Korean hacking group that is purportedly behind last month’s $600 million Ronin bridge hack, tried to launder the money using the exchange. 

Binance CEO Changpeng Zhao (CZ) revealed the news in a tweet on Friday, detailing that hackers spread the crypto across more than 86 different accounts.

On March 23, hackers stole 173,600 ETH tokens and 25.5 million USDC coins after compromising five out of Ronin’s nine validator nodes. The Ronin team did not notice the hack immediately and found out that funds had been drained nearly a week later when a user was unable to withdraw 5,000 ETH from Ronin.

At the time of the heist, the value of stolen funds in terms of US dollars was around $550 million. However, by the time the hack was publicized, the value of stolen crypto had increased to over $620 million. In either case, the hack easily ranks among the biggest crypto heists ever. 

This has arguably motivated federal law enforcement agencies to start investigations and get involved. Just recently, the US Federal Bureau of Investigation (FBI) said it was able to “confirm” North Korean-based hacker collectives Lazarus Group and APT38 were behind the hack. In a statement, the FBI said

“Through our investigation we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29. The FBI…will continue to expose and combat the DPRK’s use of illicit activities – including cybercrime and cryptocurrency theft.”

As reported, the US Treasury also updated its Specially Designated Nationals (SDN) list to include the Ethereum address linked with the recent exploit of the Ronin network.

Join our Telegram group and never miss a breaking digital asset story.

Banned From Tornado Cash, Hackers Try to Launder Funds Using CEXs

Last week, popular mixing service Tornado Cash also banned Lazarus, which is allegedly run by the North Korean state. In a Tweet, Tornado Cash said it uses the Chainalysis oracle contract to block Ethereum addresses sanctioned by the US Office of foreign asset sanctions (OFAC) from accessing the dApp.

It is worth noting that Tornado Cash does not (and is not able to) prevent blacklisted addresses from interacting with its smart contracts because those contracts are permissionless. Instead, all it can do is stop those sanctioned addresses from interacting with Tornado Cash through its website.

Meanwhile, the fact that hackers tried to launder stolen funds via Binance can suggest they are also using other centralized exchanges to cash out. However, the recent incident is an indication that crypto forensics have significantly improved and that it is getting harder for hackers to launder stolen crypto. 

Finance is changing.
Learn how, with Five Minute Finance.
A weekly newsletter that covers the big trends in FinTech and Decentralized Finance.

Do you think crypto exchanges would be able to recover more amounts of Ronin’s stolen funds? Let us know in the comments below. 

Cookies & Privacy

The Tokenist uses cookies to provide you with a great experience and enables you to enjoy all the functionality of the site.