Inside North Korea’s preferred crypto laundering tool: Thorchain

John-Paul Thorbjornsen, a former Australian Air Force pilot turned crypto entrepreneur, has spent the past few weeks promoting his new crypto wallet, “Vultisig.” Built on Thorchain – a blockchain he founded to allow crypto swaps without intermediaries – the wallet’s most important selling point is that it is harder to hack than similar apps.

Recently, Vultisig – along with the Thorchain network itself – has seen an increase in activity, but security experts have traced the growth to a troubling source: North Korea’s Lazarus hacking group.

After February’s $1.4 billion hack of crypto exchange Bybit – the biggest cyber heist in history – Thorchain emerged as central to North Korea’s laundering operations. Researchers have tracked almost $1.2 billion – or 85% – of the stolen funds through the network, which has become the Kim regime’s primary tool to move crypto between blockchains.

Unlike some other blockchain services, Thorchain’s operators have refused to block transactions linked to the Bybit heist, despite the requests of the FBI and other government agencies. Thorchain wallets like Asgardex and Vultisig – tools that most people use to trade on the network – have not budged either.

According to estimates from blockchain security researchers who spoke with Coindesk, Thorchain’s large wallet developers and validators – many of them publicly identified and based in jurisdictions with strict rules against money laundering, including the US – earned over $12 million in fees associated with the heist.

Thorbjornsen, known publicly as JP Thor, insists that he is no longer involved in Thorchain’s daily operations, but he is still its most visible spokesman. “The protocol continues to run and exchange despite chaos,” he told Coindesk. “It’s actually doing well.”

The US Office of Foreign Assets Control (OFAC) has previously sanctioned blockchain services used in money laundering, such as the mixer app Tornado Cash (which has since been delisted after a court decision) and Bitzlato, an exchange. Prosecutors have also charged operators behind similar platforms.

For legal experts and the crypto community, whether Thorchain – a layer-1 blockchain – should be treated differently than these other services revives a basic debate that almost all crypto platforms face: Is the network really decentralized?

Critics claim that it is not – at least in comparison to popular blockchains such as Bitcoin and Ethereum, which have drawn less scrutiny for facilitating illegal transactions. Thorchain’s followers “claim that it is decentralized when it is convenient yet they take advantage of this [Bybit hack],” said blockchain security researcher Taylor Monahan. “It’s a really bad look.”

Thorchain’s transaction fees – especially those earned by its wallet apps, which are maintained by small developer teams – further complicate its defense. According to a former US Treasury Department official, “Anyone who makes money on fees related to the movement of hacked funds that have already been publicly attributed to Lazarus and North Korea potentially has an OFAC question.”

Even some of Thorchain’s most vocal supporters have become concerned. “When the vast majority of your streams are stolen funds from North Korea for the greatest money heist in human history, it will become a national security issue,” warned a Thorchain developer known as “TCB” on X. “[T]his is not a game anymore.”

Biggest hack in history

February’s hack of Bybit, a major Dubai-based crypto exchange, was large even by the standards of the Lazarus group – the North Korean cyber unit behind most of the biggest crypto heists in the last decade.

The hack took place after Bybit’s founder was tricked into interacting with a site that Lazarus had compromised. The error gave the hackers access to some of Bybit’s primary Ethereum wallets. They stole $1.4 billion worth of ether (ETH) tokens from the exchange.

North Korea’s launderers, well practiced after years of big-money crypto heists, immediately began to divide their record-breaking haul across a variety of fresh crypto wallets – the first step in a complex journey designed to convert dirty crypto into clean cash.

“DPRK uses advanced technical capabilities to launder cryptocurrency,” explained Andrew Fierman, the head of National Security Intelligence at Chainalysis. After moving the funds “through a comprehensive number of intermediary wallets,” the laundering operation “uses cross-chain bridges to move the stolen funds across different assets such as Bitcoin, Ethereum, Tron, Solana and others.”

Thorchain turned out to be essential to the bridging phase and served as a place to swap tokens across blockchains, repeatedly, to throw investigators off their tracks.

“Before Thorchain existed, there was no way to switch from Ethereum to Bitcoin without being frozen,” said Monahan, a security researcher at Metamask.

Centralized swap services – including crypto exchanges such as Coinbase and Binance – require users to register their accounts, and users risk having illegal funds frozen. Most decentralized services, meanwhile, lack the liquidity to support transactions on the scale of the Lazarus group.

Put on notice

The day after the Bybit hack, Thorchain’s daily swap volume exceeded $529 million – its biggest trading day ever, according to data from Defillama. Volumes continued to climb in the days after and generated millions of dollars in fees for Thorchain’s validators, liquidity providers and wallet services.

Thorchain swap volume spiked markedly from February 21, the day of the Bybit heist, to March 2 (Defillama)

On February 27, the FBI circulated a list of DPRK-linked blockchain addresses and called for “private sector entities including RPC nodes, exchanges, bridges, blockchain analytics companies, DeFi services and other virtual asset service providers to block transactions with or derived from [them].”

At this point, many of the other crypto tools used by North Korea’s launderers had already begun to block heist-linked activity.

Tether, the largest stablecoin operator, eventually froze $9 million linked to the heist, and Mantle, a layer-2 blockchain connected to Ethereum, froze $41 million more. One platform – a decentralized exchange run by the company OKX – paused its services completely.

For a moment, Thorchain seemed like it could follow. In response to the FBI’s notice, a group of Thorchain validators coordinated to stop Ethereum swaps on the protocol – a step intended to slow down the outflow of illicit funds. But the pause lasted only 30 minutes before it was rolled back after community pushback.

“There is no evidence, nor can there be, of any signed and propagated transaction from a specific geographical place,” Thorbjornsen told Coindesk, arguing that any connections between Thorchain and North Korea are “alleged” as the users of the network are not required to register themselves.

The reversal of the pause turned out to be a breaking point for some in the Thorchain community. “Effective immediately I will no longer contribute to Thorchain,” the protocol’s main developer, known as “Pluto,” wrote in an X post.

Decentralization theater?

Thorbjornsen and others maintain that Thorchain should be treated as a decentralized protocol such as Bitcoin or Ethereum, none of which blocked transactions after the Bybit heist.

They point to its community of more than 100 validators – computers that verify transactions – as evidence that no single entity controls the system.

Thorchain’s governance model depends on these validators, which stake the network’s native Rune token to participate in consensus and earn rewards. In theory, major protocol decisions require approval from a supermajority of these validators, creating a distributed power structure that is resistant to centralized control.

However, critics claim that the network is not nearly as decentralized as alleged. In January, a single administrative key holder paused the network during a liquidity crisis – an act that should have required validator consensus if the system was more decentralized.

When Thorchain was involved in previous North Korean money laundering operations, “we were told there was nothing they could do about the illegal funds,” Monahan said. “All the time, JP had a single private key that had control over the whole system.”

Thorbjornsen admits that the chain was paused by an administrative key holder at a moment when Thorchain was facing an “existential” threat. Thorbjornsen, however, said the pause was initiated by a key holder with the pseudonym “Leena.”

Thorbjornsen created the Leena account early in Thorchain’s development and originally used it to hide his real identity. He now says that the Leena account is no longer controlled by him and that someone else paused the chain in accordance with accepted security procedures.

For Thorbjornsen, the debate over who controlled the admin key misses the bigger point.

“In the first few years of its existence, you could easily have made the case that Bitcoin was completely centralized,” he told Coindesk, pointing to one case in 2010 when Satoshi upgraded the original blockchain to fix a major mistake.

“Decentralization has been achieved, and it has been achieved by many years of being in the arena and proving it,” Thorbjornsen said. “All of these things like the pause and unpause … This is all part of the journey of decentralization.”

Business as usual

On March 1, Thorchain’s largest trading day after the Bybit heist, the network recorded over $1 billion in swaps, more than it typically processes in a full month.

The activity was a blessing for Thorchain’s infrastructure providers – wallet service providers and validators that take a cut of each transaction on the network.

According to blockchain forensics company Chainalysis, Thorchain node operators earned at least $12 million in fees connected to the Bybit heist. Chainalysis called its estimate “conservative.”

According to legal experts, these fees are what could eventually get Thorchain’s operators into trouble. A former official of the US Treasury Department warned in an interview with Coindesk that “much of this just comes down to the question of who makes money: Is it a concentrated set of people, and is it relatively known that [the funds] are from bad actors?”

Wallet apps such as Vultisig and Asgardex have drawn particular scrutiny from legal and security experts, as “frontend” applications used to interact with blockchains are generally considered more centralized than blockchains themselves.

Asgardex, one of the more popular Thorchain wallets, earned $1 million from Bybit-linked transactions, according to Monahan. “The reason you use Asgardex,” unlike other Thorchain wallets, “is because you don’t want tracking – you don’t want filtration or anything,” said Thorbjornsen, who helped develop the program.

Thorbjornsen says he no longer has an operational or financial stake in Asgardex, which is open source and can technically be programmed by its users to operate without fees. However, he has recently been actively promoting Vultisig, his new hack-resistant Thorchain wallet.

On March 20, Thorbjornsen boasted in an X post that more people than ever were using the app: “Vultisig swaps has collected $200,000 in revenue so far!” Zachxbt, a crypto sleuth known for examining North Korea’s cyber operations, replied by pointing out that “a good part of this revenue is generated from the Bybit hack.”

“Vultisig is not a chain,” Zachxbt said. “[T]hey operate a centralized interface for users to interact with protocols for a fee.”

On April 16, Vultisig launches its official crypto token: Vult. The token will be distributed free of charge to some of the wallet’s most loyal users.
