THORChain Sees All-Time Swap Volume Crosschain swap decentralized protocol THORChain has seen an incredible spike in transaction volume following the hacking of crypto exchange Bybit for $1.4 billion. On February 26, THORChain processed an all-time-high of $859.61 million in swaps, according to THORChain Explorer. The streak continued on February 27 by adding another $210 million and pushing total swap volume past $1 billion within less than 48 hours. The North Korean state-sponsored Lazarus Group hacking group has been known to convert the stolen cryptocurrencies into Bitcoin in order to cover their origin. Laundering Tactics Concerns Blockchain analysts have observed Lazarus-linked funds moving through decentralized exchanges to avoid detection. THORChain’s heightened activity has triggered warnings of likely misuse. THORChain halted Bitcoin and Ethereum lending last month after accumulating $200 million in debt, prompting a proposal for debt restructuring. However, its swapping feature remains active, raising concerns over unauthorized transactions. THORChain Developers Silence Criticism Nine Realms creator “Pluto,” a principal THORChain developer , confirmed that criminal funds had passed through the protocol. However, he claimed that measures have been implemented to allow wallet and integration partners to block out transactions. Pluto argued that the decentralized nature of THORChain cannot be blamed for users’ actions. In the meantime, THORChain’s native token RUNE has increased 36.6% in the past week, reflecting increasing demand. Bybit Tracks Stolen Funds, Names Uncooperative Platform Bybit released a webpage to track its missing money and put a bounty on assistance in freezing it. On Feb. 27, the website had designated seven cooperative exchanges and one noncooperative platform, eXch, a no-KYC exchange service that refused to freeze funds associated with the hack. eXch rejected facilitating North Korea’s money laundering. Researchers such as blockchain researcher ZachXBT and the FBI verified that Lazarus Group had carried out the February 21 hack. Sygnia and Verichains’ reports showed that hackers had stolen SafeWallet developer credentials, injecting malicious JavaScript into AWS infrastructure to deceive signers into signing fake transactions. SafeWallet has revamped its security architecture and rotated credentials to prevent future breaches. Chainflip Makes Move to Block Bybit Hackers Cross-chain DEX Chainflip is rolling out an upgrade to block hackers behind Bybit’s $1.4 billion exploit from washing money on its exchange. “The general consensus within the Chainflip community is that suspicious flows are too high-risk for liquidity providers,” the team stated. The upcoming 1.7.10 upgrade will include enhanced screening tools, which will allow broker operators like SwapKit and Rango DEX to block suspect ETH and ERC-20 deposits. Biggest Crypto Heist in History The Bybit hack of February 21 is officially the biggest crypto heist in history. Bybit’s multi-signature approval process was exploited by the hackers by disguising a user interface to conceal a maliciously crafted smart contract, which ultimately drained a significant portion of the exchange’s Ethereum reserves. With investigations continuing, pressure is growing on the industry to strengthen security controls and keep decentralized protocols from being used as safe havens for stolen assets.
