The fallout stems from the Lazarus Group laundering funds through THORChain after the $1.5 billion Bybit hack, which also shook institutional confidence in crypto staking. Meanwhile, a new Chainalysis report reveals that crypto crime hit a record $51 billion in illicit transactions in 2024, with criminals increasingly turning to stablecoins and AI-driven schemes to evade detection.
THORChain Rocked by Resignations
A THORChain developer announced their departure from the crypto protocol after a controversy over the blocking of transactions linked to North Korean hackers. The developer, known as “Pluto,” stated in a post on X that they will no longer be contributing to the project but would stay available for an orderly hand-off of responsibilities. This decision was made after the fallout from a vote to halt Ethereum transactions on THORChain in an attempt to stop the Lazarus Group from laundering stolen funds.
THORChain validator “TCB” revealed that they were among three validators who supported the vote to prevent the group from using the protocol, but the decision was quickly overturned. According to THORSwap developer Oleg Petrov, three votes were required to stop transactions, while four were needed to reverse the halt. With the decision being reverted almost immediately, TCB warned that they will also step away from THORChain unless a solution was quickly implemented to stop the flow of illicit funds.
The Lazarus Group has reportedly been using THORChain to launder some of the $1.5 billion that was stolen from the crypto exchange Bybit on Feb. 21. On Feb. 28, blockchain analytics firm Lookonchain reported that the group already moved $605 million worth of Ethereum through the protocol. The controversy comes at a time when THORChain is experiencing a surge in activity. In fact, it recorded its highest-ever daily volume of $860 million in swaps on Feb. 26, followed by $705 million the next day.
Due to the mounting pressure after the Bybit hack, the FBI urged crypto validators and exchanges to take action against the Lazarus Group, which effectively confirmed that North Korea was responsible for the hack. TCB also warned that THORChain’s association with such large amounts of stolen funds could escalate the situation into a national security issue.
However, THORChain’s founder, John-Paul Thorbjornsen, defended the protocol. He stated that none of the wallet addresses sanctioned by the US Treasury’s Office of Foreign Assets Control interacted with THORChain, and pointed out that the hackers were simply moving funds too quickly for screening services to detect.
Thorbjornsen argued that expecting blockchain protocols like THORChain to enforce censorship was unrealistic. He also pointed out that THORChain nodes operate under very strict rules and can be churned out if they fail to follow protocol guidelines. He downplayed concerns about regulatory intervention by stating that if a node operator feels uncomfortable, they can exit the network, allowing THORChain to adapt as needed.
TCB, however, is a lot more skeptical about THORChain’s claims of decentralization, and argued that the protocol is not as resistant to regulatory attacks as Bitcoin due to its smaller validator base. They criticized the network’s design choices, which they claimed make it difficult to onboard new validators, resulting in a small group controlling infrastructure and transaction flows. According to TCB, many corporate actors that provide liquidity for THORChain are already censoring transactions on their front ends and are likely to move away from the protocol if it continues to allow illicit activity.
Bybit Hack Shakes Institutional Confidence
The recent billion-dollar cybersecurity breach at Bybit dealt a massive blow to institutional adoption of crypto staking, according to Bohdan Opryshko, the chief operating officer of staking services provider Everstake. The hack was carried out by North Korea’s Lazarus Group on Feb. 21, and resulted in the theft of approximately $1.4 billion worth of liquid staked Ethereum, making it the largest exploit in the industry’s history.
(Source: Elliptic)
Opryshko stated that such high-profile security breaches discourage institutional investors from allocating funds to crypto assets, particularly staking-related investments. He pointed out that compliance and legal teams evaluating an Ether ETF will likely reconsider their plans after witnessing such a major security failure.
The impact of the hack extends beyond investor hesitation, potentially accelerating the trend of stakers withdrawing their assets from centralized crypto exchanges. Over the past six months, the amount of staked Ether on centralized platforms fell from 8.6 million ETH in September to 8 million ETH in February, with a 0.5% decline occurring immediately after the Bybit hack. Many users are opting for non-custodial staking solutions or hardware wallets to enhance security.
While Ether ETFs in the United States do not currently permit staking, the SEC recently acknowledged requests from issuers like 21Shares to allow a portion of their holdings to be staked. In Europe, Ether ETFs are already permitted to engage in staking, and analysts believe that US regulators may follow suit in the near future.
Since their launch in July, Ether ETFs attracted close to $3 billion in net inflows, according to data from Farside Investors. However, they are still behind Bitcoin ETFs, which have been a key driver of institutional crypto adoption and attracted over $37 billion in net inflows since January of 2024.
Ethereum ETF flow (Source: Farside Investors)
Staking itself is a fundamental aspect of the Ethereum blockchain that requires users to lock up their Ether as collateral with a validator in exchange for network rewards. While stakers earn ETH payouts through fees and rewards, they also face the risk of slashing, where part of their collateral is lost if the validator misbehaves. Other blockchain networks, like Solana, also incorporate staking mechanisms.
Chainalysis Report Uncovers Record Crypto Crime Wave
It seems like crypto crime reached a new level of sophistication, driven by AI-powered scams, stablecoin laundering, and highly efficient cyber syndicates, according to the 2025 “Crypto Crime Report” by Chainalysis. The report revealed a record-breaking $51 billion in illicit transaction volume over the past year, overturning initial estimates that suggested a decline in crypto crime. Advanced laundering techniques using stablecoins, decentralized finance, and artificial intelligence created the illusion of reduced illicit activity, while in reality, criminals adapted to evade detection.
(Source: Chainalysis)
Traditional cybercrime methods have given way to professionalized fraud cartels, nation-state hackers, and AI-driven deception. While ransomware payments dropped 35% year-over-year, cybercriminals are increasingly shifting away from Bitcoin in favor of stablecoins, Monero, and DeFi exploits.
The report revealed a major shift in the landscape, with stablecoins now accounting for 63% of all illicit crypto transactions. Their speed, liquidity, and ability to bypass regulatory oversight made them the preferred tool for laundering large sums of money while evading detection.
(Source: Chainalysis)
Unlike Bitcoin, stablecoins offer near-instant transactions without the volatility, making them ideal for criminals who are looking to move funds undetected. In response, stablecoin issuers like Tether have taken action by freezing hundreds of addresses tied to illicit activity, pushing criminals toward alternative privacy-focused solutions like Monero and DeFi-based laundering schemes. As authorities and crypto firms work to counter these threats, the battle against financial crime in the digital space is only becoming more complex.
Source: https://coinpaper.com/7765/thor-chain-faces-backlash-as-vote-to-block-stolen-funds-is-reversed