[]

Advertisement

Should THORChain Have Processed Bybit Hack Funds? Industry is Split

The decentralized cross-chain liquidity protocol faced fierce criticism for not pausing swaps when it became clear that THORChain was the hackers’ go-to laundering chain.
By: Leo Jakobson • March 07, 2025
thorchain values

THORChain processed nearly three-quarters of the $1.4 billion Bybit hack, even though it could easily have prevented the stolen ether from passing through. This has spurred a debate about cypherpunk values.

When it became clear that the Lazarus Group hackers were swapping their stolen ETH for bitcoins on THORChain, an immediate vote to halt ETH to BTC swaps was passed, and then almost immediately reverted by other voters.

THORChain made $5.5 million from its role as the main conduit for North Korean hackers laundering their ill-gotten gains, according to THORChain Explorer. The protocol saw $5.9 billion in swap volume in the 10 days from Feb. 22 through March 3. After 10 days, the hackers managed to launder all of the nearly 500,000 ether they stole into bitcoin.

Fully 72% of the stolen funds were swapped for bitcoin on THORChain, according to Bybit CEO Ben Zhou, who boldfaced the protocol’s involvement in an X post on March 4.

THORChain’s reaction, or lack of reaction, to the hack was briefly good for its RUNE token. It was at $1.21 on Feb. 21 when Bybit was hit, and is at $1.21 now, although it bumped up 34% to $1.63 on Feb. 27. That’s still far below its March 2024 high above $10 and its December high above $7.50

No Regrets

The criticism THORChain faced was immediate and severe, not in the least because of comments like one from a THORChain user who goes by Diplo on X that said “It’s all coming from Lazarus hackers. But who really cares, it’s a win for tc.”

Noting on Feb 26 that THORChain’s volume was the most it had ever seen, Diplo went on to say “if we didn’t have this I don’t think we’d be above $1 right now.”

The hack had turned around, or at least halted, THORChain’s dizzying slide.

Erik Voorhees, founder of decentralized artificial intelligence platform Venice AI, argued on X that “Ethereum nodes and Bitcoin miners also processed all the [transactions]. That’s how crypto works. Go catch the bad guys, it’s all onchain and public.”

Which conveniently ignores the reality that state-sponsored North Korean hackers cannot be brought to justice.

Others took a longer view of the situation

"THORChain’s role in the Bybit hack raises the same fundamental question every decentralized system faces—where do you draw the line between neutrality and responsibility,” asked Alan Orwick, co-founder of Quai Network. “There’s no easy answer, but as these networks mature, the expectation that they at least acknowledge and address these issues—without compromising decentralization—will only grow."

No Tornado

Comparisons have been made to the mixing service Tornado Cash, also a favorite of North Korean hackers. But there’s a basic difference. Tornado Cash is truly decentralized, with all authority turned over to its governing DAO.

There is, by design, no one able to turn it off. Which didn’t stop The Netherlands from imprisoning developer Alexey Pertsev for two years while awaiting trial for breaking money laundering laws by building it. Some nine months after his conviction on May 14, 2024, he was allowed out on bail while appealing.

THORChain can very definitely be frozen, however, as people enraged by its lack of action were quick to point out.

In January, a $200 million insolvency caused founder JP Thorbjornsen and node operators to freeze withdrawals from its savers ands lending program, locking almost $100 million in savers’ vaults. The freeze was likened to a “bankruptcy freeze to avoid a rush to the exit” by Dragonfly managing partner Haseeb Qureshi, who asked, “is this the first on-chain restructuring?”

That was a point made by Taylor Monahan, founder of the MyCrypto Ethereum wallet who is now working with MetaMask, a job that makes her a full-time blockchain detective. No one has been harsher in their criticism than she has.

“This horrific cult needs to be permanently exiled from this industry,” Monahan said in a Feb. 26 X post in response to Diplo. “This is the same ‘decentralized’ protocol that rugged legitimate users and still—to this day—has their funds frozen af.”

With more than a few obscenities and some virtual shouting, Monahan said, “THORTARDS HAVE CURRENTLY ***ONLY*** FROZEN LEGITIMATE PEOPLE’S FUNDS! You FAILED to not freeze funds. You FAILED to freeze any stolen funds.”

THORChain failed both ways, she added.

Laura Shin of Unchained podcast’s response to Diplo’s comment “but who really cares it’s a win for tc,” was to say, “I dare you to say that directly to the US government’s face.”

Nor is it only outsiders who were disgusted by THORChain’s inaction. On Feb. 27, THORChain developer Pluto said on X, “effectively immediately, I will no longer be contributing to THORChain. I will remain available to Nine Realms as long as I am needed and to ensure an orderly hand-off of my responsibilities.”

A THORSwap developer explained that it takes three node votes to halt a chain, but four can revert that action. Which is what happened, Oleg Petrovsky said on X, adding “decentralization in action.”

When it comes to crime, “the reality is that DeFi isn’t a vacuum—it exists in a broader financial ecosystem where reputation and trust matter,” said Joe Flanagan, co-founder and executive chairman of Maple Finance, a DeFi lender focused on institutional and accredited clients.

“THORChain sticking to its decentralized ethos is one thing, but when a protocol becomes a preferred exit route for stolen funds, it risks damaging confidence in the entire space. No one expects these networks to act like banks with compliance teams, but ignoring the problem entirely isn’t a solution either.”

The challenge, he added, “is finding practical, on-chain ways to discourage this kind of activity without sacrificing what makes DeFi valuable in the first place.”

Give it Back

A very good day for decentralized exchange (DEX) aggregator ParaSwap’s became a very complicated one when Bybit asked the DAO to return about $100,000 in wrapped ETH that it earned as fees when North Korean hackers sent some of the centralized exchange’s stolen funds through ParaSwap.

After getting proof that the request was valid, the DAO got caught up in the same argument that THORChain did: Should they return the money? And the No. 8 aggregator, according to DeFiLlama, found itself in the midst of the same argument: Give back the stolen money or uphold decentralized and cypherpunk ethics.

One DAO participant, Citizen42, summed up the three options under consideration and the ethical debate surrounding all three quite succinctly.

“I have mixed feelings about this action,” Citizen42 said. While expressing sympathy for Bybit’s loss, they asked if Bybit planned to ask the Ethereum Foundation to return the gas spent on the transactions.

“The cypherpunk within says we shouldn’t and that [it] is your fault for poor [operational security] that resulted in this unfortunate event!” they said. “But the other half say we should help, so I’m split and looking towards the large $PSP community and invite them to comment and when the vote will be in place I shall evaluate sentiment and vote accordingly.

“I am tempted to push for a mid-way … a bounty to be rewarded for DAOs time and resources.”

A number of others proposed the bounty solution, noting that Bybit was offering up to a 10% bounty on returned funds.

Others were more practical. Jameskbh suggested coming up with a framework for future situations like this, while Capitalist suggested segregating the funds in a designated wallet for a time to await “any legal requests from authorities.”

A Third Way

One common theme in these discussions is that there has to be a better way to fight hackers on-chain than to ask decentralized protocols to take a centralized response.

“THORChain’s role in the Bybit hack brings a tough question to the forefront: should a permissionless, decentralized protocol step in when it becomes a conduit for illicit funds,” asked Peter Nguyen, CMO of Autonomys Network. “Nearly 72% of the stolen ETH was routed through THORChain purely by its design—built to remove intermediaries and empower users through open, transparent access.”

The industry’s challenge, he added, “isn’t to force DeFi protocols to act like traditional banks by freezing transactions, but to increase the focus on developing innovative, decentralized safeguards such as smart contract-based circuit breakers, on-chain monitoring, and community-led governance consensus mechanisms that can act as deterrents without sacrificing decentralization. The unfortunate reality is that these attacks will happen again, it is growing pains to the road for adoption."

THORChain

Our articles are stored on Filecoin.

Related Posts

Bybit Hackers Launder Funds Through Thorchain, Shattering Daily Volume Record

Bybit Hackers Launder Funds Through Thorchain, Shattering Daily Volume Record

February 28, 2025
Thorchain Thunders Back As Trading Volumes Hit All-time Highs

Thorchain Thunders Back As Trading Volumes Hit All-time Highs

March 12, 2024
THORChain Proposes TCY Equity Tokens to Address $200 Million Debt Crisis

THORChain Proposes TCY Equity Tokens to Address $200 Million Debt Crisis

February 03, 2025

Advertisement

Get an edge in Crypto with our free daily newsletter

Know what matters in Crypto and Web3 with The Defiant Daily newsletter, Mon to Fri

90k+ Defiers informed every day. Unsubscribe anytime.