Chainalysis has revealed intricate money laundering tactics used in the recent THORChain hack. The blockchain analytics firm reported that attackers executed complex cross-chain fund transfers weeks before the attack, involving Monero, Hyperliquid, and THORChain. Funds were moved to Hyperliquid via privacy bridges, converted to USDC, and transferred to the Arbitrum network. Some assets were then moved to Ethereum and staked in THORChain, believed to be the attack's origin. The analysis detailed that attackers later bridged RUNE assets back to Ethereum, splitting them into four connections, with one transferring 8 ETH to an address receiving stolen funds shortly before the attack. Between May 14-15, the attackers moved ETH back to Arbitrum, deposited into Hyperliquid, and transferred to Monero. As of Friday, the stolen funds remained unmoved, highlighting the attackers' sophisticated laundering capabilities.