THORChain Emerges as Key Tool for North Korean Crypto Laundering
John-Paul Thorbjornsen, a former Australian Air Force pilot and crypto entrepreneur, is promoting his new wallet "Vultisig," built on THORChain. This blockchain enables crypto swaps without intermediaries and claims enhanced security against hacks. Recently, both Vultisig and THORChain have experienced increased activity linked to the North Korean Lazarus hacking group.
Key points include:
- The Bybit exchange was hacked in February 2025 for $1.4 billion, marking one of the largest cyber heists ever.
- THORChain was utilized for laundering approximately $1.2 billion (85%) of the stolen funds.
- Despite requests from authorities, THORChain has not blocked transactions associated with the Bybit hack.
- Wallet developers and validators on THORChain earned over $12 million in fees related to these transactions.
- The U.S. Office of Foreign Assets Control (OFAC) has previously sanctioned similar services used for money laundering.
- Critics question THORChain’s decentralization, given its substantial involvement in illicit activities and profit from them.
- Thorbjornsen asserts he is no longer involved in daily operations of THORChain but continues to advocate for it.
Following the Bybit incident, THORChain saw a spike in swap volumes, exceeding $1 billion on its peak trading day. The FBI issued warnings to block DPRK-linked transactions, leading other platforms to take action, while THORChain's initial response was halted shortly after community backlash.
Legal experts suggest that continued earnings from illicit activities could pose regulatory challenges for THORChain operators. Despite this, Thorbjornsen maintains that decentralization is a process, emphasizing that both THORChain and Bitcoin faced scrutiny in their early stages.
Vultisig is set to launch its crypto token, VULT, on April 16, distributing it to loyal users. Concerns remain about the nature of its operations and potential regulatory issues.