The attacker started by withdrawing funds using Tornado Cash, which allows users to transfer cryptocurrencies without leaving a trace. After transferring the funds to the Fuse network, the borrower used them as collateral to obtain loans on Ola's decentralized lending platform. Taking advantage of the re-entry bug, the attacker was able to withdraw the collateral without paying off the loan first.