THORChain has been called a money laundering protocol — a label no decentralized finance (DeFi) project wants unless it’s prepared to have regulators
THORChain has been called a money laundering protocol — a label no decentralized finance (DeFi) project wants unless it’s prepared to have regulators breathing down its neck.
Its supporters have fended off the criticism by championing decentralization, while its critics point to recent activities that showed some of the protocol’s centralized tendencies.
After exploiting Bybit for $1.4 billion, the North Korean state-backed hackers behind the attack, known as the Lazarus Group, flocked to THORChain, making it their top choice to convert stolen funds from Ether (ETH) to Bitcoin (BTC). Lazarus finished converting its Ether within just 10 days of the hack.
The controversy has triggered internal conflict, governance cracks and developer resignations, exposing a deeper issue and question: Can DeFi remain neutral when criminals exploit it at scale?
THORChain is not a mixer
THORChain is a decentralized swap protocol, so some say it’s unfair to call it a laundering machine, as the output is traceable. It’s not like a mixer, whose purpose is to conceal cryptocurrency fund trails — though the reasons for using mixers vary between users, with some simply wanting to preserve their privacy and others using them for illicit purposes.
Federico Paesano, investigations lead at Crystal Intelligence, argued in a LinkedIn post that it is misleading to state that the North Korean hackers “laundered” the Bybit hack proceeds.
“So far, there’s been no concealment, only conversion. The stolen ETH have been swapped for BTC using various providers, but every swap is fully traceable. This isn’t laundering; it’s just asset movement across blockchains.”
Tracing funds swapped to Bitcoin is time-consuming, but not impossible. Source: Federico Paesano
Hackers also moved funds through Uniswap and OKX DEX, yet THORChain has become the focal point of scrutiny due to the sheer volume of funds that passed through it. In a March 4 X post, Bybit CEO Ben Zhou said that 72% of the stolen funds (361,255 ETH) had flowed through THORChain, far surpassing activity on other DeFi services.
Over $1 billion in Ether from the Bybit theft was traced to THORChain. Source: Coldfire/Dune Analytics
A truly decentralized platform’s strength lies in its neutrality and censorship-resistance, which are foundational to blockchain’s value proposition, according to Rachel Lin, CEO of decentralized exchange SynFutures.
“The line between decentralization and responsibility can evolve with technology,” Lin told Cointelegraph. “While human intervention contradicts decentralization’s ethos, protocol-level innovations could automate safeguards against illicit activity.”
Related: From Sony to Bybit: How Lazarus Group became crypto’s supervillain
THORChain collected at least $5 million in fees from these transactions, a windfall for a project already struggling with financial instability. This financial benefit has further fueled criticism, with some questioning whether THORChain’s reluctance to intervene was ideological or simply a matter of self-preservation.
Source: Yogi (Screenshot cropped by Cointelegraph for visibility)
Governance cracks show when decentralization becomes a shield
The controversy sparked a dilemma on whether THORChain should act. In an attempt to block the hackers, three validators voted to halt ETH trading, effectively closing off their swapping route. However, four validators quickly voted to overturn the decision.
This exposed a contradiction in THORChain’s governance model. The protocol claims to be absolutely decentralized, yet it had previously intervened to pause its lending feature due to insolvency risks (swaps still remained operational).
Some crypto community members called out THORChain’s actions as selective decentralization, where governance intervention only occurs when it serves the protocol’s own interests.
Source: Dan Dadybayo
The backlash was immediate. Pluto, a key THORChain developer, resigned. Another developer, TCB, who identified themselves as one of the three validators who voted to halt Ether trades, hinted at leaving unless governance issues were addressed.
Meanwhile, blockchain investigator ZachXBT called out Asgardex, a THORChain-based decentralized exchange, for not returning fees earned from hackers, while other protocols reportedly refunded ill-gotten gains.
THORChain founder John-Paul Thorbjornsen responded by claiming that centralized exchanges pocket millions from facilitating illicit transactions unless pressured by authorities.
“This pisses me off. Do we get ETH and BTC nodes to give back their transaction fees? What about GETH or BTCCore devs – who write the software, funded by grants/donations?” asked Thorbjornsen.
Source: ZachXBT
THORChain’s growing regulatory risks, as previously demonstrated by privacy tools
For now, THORChain has avoided any direct enforcement actions from governments, but history suggests that DeFi protocols facilitating illicit finance may not escape scrutiny…
cointelegraph.com