Binance says they were able to recover about $5.8 million worth of the stolen crypto that made its way onto its platform, originally taken from the Ronin Network/Axie Infinity bridge security breach that occurred at the end of last month, the original story is here.

Last week, the  U.S. Treasury Department identified North Korean hacking group 'Lazarus' as the attackers behind the theft.

Immediately after the theft occurred resources were deployed to follow every step the stolen coins would make...

The thieves attempted to use tornado.cash, a service that aims to make transactions that go through it private by breaking the chain of custody, they explain their service "uses a smart contract that accepts ETH deposits that can be withdrawn by a different address" and suggest the longer users wait to withdraw the funds they hold, the harder it becomes to link the person withdrawing to the original deposit.

This wasn't enough to hide their tracks, "We coordinated with industry leading blockchain analytics firms and immediately froze the funds when exposure to our platform was identified" a spokesperson for Binance said. 

We believe Chainalysis is the analytics firm they're referencing, as we know they've worked closely with Binance on legal compliance and anti-fraud issues for years, they also develop software specifically for the purpose of following tokens through transactions intended to hide their trail.

According to Binance CEO 'CZ' they also discovered 86 fraudulent accounts by following these funds. 

A Small Part Of The Massive Total...

The theft totaled more than $600 million in cryptocurrency, so recovery of just $5.8 million isn't even 1% of the total taken..  

But this was just the first battle in what will be an ongoing war, that we're now learning more about.

A Target On Them Every Second, of Every Day...

Speaking 'unofficially' with a cyber security coordinator from another top exchange (who requested to remain unnamed) the industry is taking an ultra-aggressive approach to dealing with the issue of hacks and ransomware that target or use cryptocurrencies.

"The coins are being watched by software that doesn't lose track of them just because they've been shuffled around and split up countless times before attempting to cash out" he explained "as soon as one of the firms monitoring these flagged coins sees them being transferred to an exchange capable of turning them in to cash - if we're that exchange, our phone is ringing seconds later. Someone capable of immediately freezing those funds will actually be there to answer it 24/7".

This coordination between organizations has one main goal "we want people from that world to see crypto as the worst, most headache-inducing way to do business" specifically regarding this latest theft, he added "I can imagine the celebrating these crooks did when they believed they had stolen $600 million.  Then I imagine these next few months, failing again and again to get their hands on it - unintentionally returning it to their victim.  At some point they'll need to evaluate how much time they've wasted for these $0 paydays."

We ended our conversation with him making a rather bold prediction "No joke - in the near future I see the scammers, hackers, thieves, hostile governments and whoever else may be from that world of illegitimated earnings demanding 'NO CRYPTO!' because we've made doing their business in crypto such an awful, stressful experience".

That's Exactly How it Continues to Play Out...

The thieves 'awful, stressful experience' continues as the US Treasury Department adds three more addresses to its list of blacklisted wallets connected to the Ronin Network hack.

Vowing to continue the "disruptive action against entities facilitating the movement of the stolen virtual currency" and calling on the crypto industry to "lock its digital doors" leaving the thieves with hundreds of millions of dollars... that are impossible to spend. 

Chainalysis recently released a completely free tool that any company or organization can easily integrate into whatever service they provide, allowing them to automatically check wallet addresses they or a user are transacting with are not on the blacklist of wallets involved in various illegal activities.

-----------
Author: Ross Davis
Silicon Valley Newsroom
GCP | Breaking Crypto News