THORChain, a decentralized cross-chain asset swap protocol, has seen a dramatic surge in revenue following the February 21 hack of centralized exchange Bybit, which resulted in a staggering $1.4 billion theft. The protocol has processed more than $5.4 billion in asset swap volume since the exploit, raking in approximately $5.5 million in fees, according to THORChain explorer data.
The hack, attributed to the North Korean-affiliated Lazarus Group, remains one of the largest in crypto history. Following the breach, Lazarus Group laundered a significant portion of the stolen funds through THORChain, causing concern within the crypto community. On February 27, THORChain recorded over $1 billion in swap volume in a single day, generating more than $554,000 in revenue on that day alone.
Despite the financial success, THORChain faces increasing scrutiny for its role in facilitating the movement of illicit funds. Criticism intensified after a vote to block transactions linked to the North Korean hackers was reversed, leading to the resignation of a core developer, known only as “Pluto.” On February 27, Pluto publicly announced they would no longer contribute to the protocol, citing concerns over its handling of stolen funds.
**Moving on from THORChain**
— Pluto (9R) (@Pluto9r) February 27, 2025
Validators, developers, members of the community: effectively immediately, I will no longer be contributing to THORChain. I will remain available to Nine Realms as long as I am needed and to ensure an orderly hand-off of my responsibilities. It has…
Crypto commentators, such as Yogi, have criticized THORChain for allowing the laundering of stolen assets, with accusations of lacking safeguards like Know Your Customer (KYC) protocols or an “off switch” to block illicit transactions. In response, blockchain analytics firm Elliptic flagged over 11,000 cryptocurrency wallet addresses potentially connected to the Bybit hack, with further investigations expected to expand this list.
THORChain just helped North Korea launder $605 million. No KYC, no off switch, no resistance. Lazarus Group jacked Bybit for $1.5 billion in February 2025, then funneled the stolen ETH through THORChain like it was built for them. Over five days, $2.91 billion in volume ripped… https://t.co/LKtGFFsZaM
— Yogi (@HouseofYogiX) March 4, 2025
Bybit CEO Ben Zhou confirmed on March 4 that $280 million of the stolen funds have gone “dark,” making them untraceable, further highlighting the challenges in tracking the stolen assets.
Also Read: THORChain Faces Crisis as Dev Quits Over North Korean Hackers Using Protocol
As THORChain continues to process billions in swap volume, the protocol’s involvement in the Bybit hack raises questions about decentralization, security, and the responsibilities of cross-chain protocols in preventing the laundering of illicit funds.
Disclaimer: The information in this article is for general purposes only and does not constitute financial advice. The author’s views are personal and may not reflect the views of Chain Affairs. Before making any investment decisions, you should always conduct your own research. Chain Affairs is not responsible for any financial losses.
About The Author
