In September 2020, a North Korean hacking group known as Lazarus broke into a small Slovakian crypto exchange and stole virtual currency worth some $5.4 million. It was one of a string of cyber heists by Lazarus that Washington said were aimed at funding North Korea’s nuclear weapons program.

Several hours later, the hackers opened at least two dozen anonymous accounts on Binance, the world’s largest cryptocurrency exchange, enabling them to convert the stolen funds and obscure the money trail, correspondence between Slovakia’s national police and Binance reveals.

In as little as nine minutes, using only encrypted email addresses as identification, the Lazarus hackers created Binance accounts and traded crypto stolen from Eterbase, the Slovakian exchange, according to account records that Binance shared with the police and that are reported here for the first time.

“Binance had no idea who was moving money through their exchange” because of the anonymous nature of the accounts, said Eterbase co-founder Robert Auxt, whose firm has been unable to locate or recover the funds.

Eterbase’s lost money is part of a torrent of illicit funds that flowed through Binance from 2017 to 2021, a Reuters investigation has found.

During this period, Binance processed transactions totalling at least $2.35 billion stemming from hacks, investment frauds and illegal drug sales, Reuters calculated from an examination of court records, statements by law enforcement and blockchain data, compiled for the news agency by two blockchain analysis firms. Two industry experts reviewed the calculation and agreed with the estimate.

Separately, crypto researcher Chainalysis, hired by U.S. government agencies to track illegal flows, concluded in a 2020