North Korean Hackers Force Major Developer Reshuffle at Thorchain Network


TLDR

  • Thorchain developers, including unofficial lead Pluto, are leaving due to concerns over North Korean hackers using the network to launder stolen Ethereum
  • The Lazarus Group is using Thorchain to move funds from the recent $1.5 billion Bybit hack
  • Core developers used validator powers to halt ETH trading to prevent money laundering
  • Thorchain’s limited validator set and infrastructure requirements have led to centralization issues
  • Wallet providers may cut ties if illicit fund flows continue, threatening the protocol’s future

A wave of departures has hit Thorchain as developers abandon the interoperability-focused blockchain platform amid concerns over North Korean hackers using the network to launder stolen cryptocurrency. The exodus includes Pluto, the protocol’s unofficial lead developer.

The crisis began when hackers from North Korea’s Lazarus Group started using Thorchain to move Ethereum stolen in the recent Bybit hack. The theft, which occurred on February 21, resulted in losses of $1.5 billion.

TCB, a core contributor to the project, has announced his intention to leave unless immediate action is taken to prevent illicit fund flows. He joins Pluto in what appears to be a growing exodus of technical talent.

Three developers, including TCB, Pluto, and Oleg Petrov, recently used their validator powers to halt ETH trading on the platform. This action was taken specifically to prevent the Lazarus Group from continuing their money laundering activities.

The situation has exposed a fundamental contradiction in Thorchain’s operations. While the protocol markets itself as censorship-resistant and permissionless, TCB revealed that a small group of corporate actors controls most of the network’s infrastructure and user-facing services.

Thorchain’s technical architecture has contributed to centralization issues. Unlike other major cryptocurrencies such as Bitcoin and Ethereum, which operate with thousands of independent validators, Thorchain relies on a much smaller group of operators.

The network requires full infrastructure replication across all supported blockchains. This requirement has made it difficult to bring new validators onboard, further limiting the network’s ability to decentralize.

Network Limitations

Previous attempts to address these issues have met resistance. Proposals for lighter node implementations and expanding the validator set have not gained traction within the protocol’s governance structure.

Other protocols in the industry have moved to implement censorship measures at the network level. Chainflip, for example, has already put such protections in place, while Thorchain has yet to follow suit.

Many wallet providers that handle legitimate Thorchain transactions already use transaction filtering on their front ends. These providers may cut ties with the protocol if illicit fund flows continue.

The loss of these providers could isolate Thorchain from legitimate sources of liquidity. This isolation, combined with increased regulatory scrutiny, poses a serious threat to the protocol’s operations.

The current crisis extends beyond normal protocol governance issues. TCB has warned that when most transaction flows involve stolen funds linked to a sanctioned state actor, the situation becomes a national security concern.

Thorchain now faces the possibility of enforcement actions that could threaten its ability to operate. Regulators may view the protocol as a facilitator of large-scale money laundering.

The protocol’s ability to swap native assets across different blockchains has made it attractive to bad actors. This feature has been exploited to obscure the trail of stolen funds.

TCB has indicated that without swift action to address these issues, Thorchain could face a severe crisis. The combination of departing developers, regulatory pressure, and potential loss of legitimate business partners presents multiple challenges to the protocol’s survival.



Solana Token Creator