Source: Cointelegraph
Original: “THORChain Faces a Dilemma: The Intense Collision Between Decentralized Vision and Illicit Activity Risks”

THORChain has been labeled a "money laundering protocol"—a tag that any decentralized finance (DeFi) project seeks to avoid unless it is prepared to face the relentless pressure from regulators.

Supporters counter the criticism by defending decentralization, while opponents point to the recent centralization tendencies exposed by the protocol. After stealing $1.4 billion from Bybit, the North Korean state-sponsored hacking group "Lazarus Group" flocked to THORChain, using it as their preferred channel to exchange Ethereum (ETH) for Bitcoin (BTC). The group completed the entire conversion of the stolen funds within just 10 days after the attack.

This controversy has sparked internal conflicts, governance rifts, and developer departures, revealing a deeper issue: when criminal activities exploit DeFi on a large scale, can it still remain neutral?

THORChain is not a mixer

As a decentralized exchange protocol, some argue that calling it a money laundering tool is unfair, as all outputs are traceable. It differs from mixers, which aim to obscure the flow of funds—though users have various motivations for using mixers, some merely for privacy protection, while others engage in illegal activities.

Federico Paesano, head of investigations at blockchain analytics firm Crystal Intelligence, pointed out in a LinkedIn post that it is misleading to claim that North Korean hackers "laundered" Bybit's stolen funds through THORChain. "So far, there has only been asset conversion, with no concealment. The stolen ETH was exchanged for BTC through multiple service providers, but each transaction is fully traceable. This is not money laundering; it is simply cross-chain asset transfer."

Tracking the funds converted to Bitcoin, while time-consuming, is not impossible. Source: Federico Paesano

Hackers also transferred funds through decentralized exchanges like Uniswap and OKX, but THORChain has become a regulatory focus due to the massive volume of funds it handles. Bybit CEO Ben Zhou revealed in a post on March 4 that 72% of the stolen funds (361,255 ETH) flowed through THORChain, with its scale far exceeding that of other DeFi service platforms.

Over $1 billion in Ether from the Bybit theft has been traced to THORChain. Source: Coldfire/Dune Analytics

Rachel Lin, CEO of decentralized exchange SynFutures, told Cointelegraph, "The core advantage of a truly decentralized platform lies in its neutrality and resistance to censorship, which is the foundation of blockchain's value proposition. The boundary between decentralization and accountability can be redefined with technological advancements—while human intervention contradicts the idea of decentralization, technical innovations at the protocol level can automatically prevent illegal activities."

Notably, THORChain has profited at least $5 million in fees from these transactions, which is a windfall for a project already facing financial difficulties. This financial gain has intensified external skepticism: is THORChain's refusal to intervene based on decentralization principles, or merely driven by self-interest?

Source: Yogi (screenshot cropped by Cointelegraph for easier viewing)

Governance rifts emerge: When "decentralization" becomes a shield

This controversy has exposed the core contradictions faced by THORChain. To prevent hackers from laundering money, three validator nodes voted to suspend ETH trading, but this decision was quickly overturned by four other nodes. This incident reveals a deep paradox in its governance model:

While the protocol touts "absolute decentralization," it had previously suspended lending functions (retaining only exchange services) due to repayment risks. This selective intervention has raised community concerns—when the project's own interests are at stake, the so-called principles of decentralization can be easily breached.

The cryptocurrency community sharply points out that THORChain practices "self-serving decentralization": governance interventions are only initiated when it aligns with the protocol's interests. This pseudo-decentralized operation stands in stark contrast to its white paper's claim of being "permissionless and censorship-resistant."

Source: Dan Dadybayo

Public backlash followed. THORChain core developer Pluto announced his resignation, while another developer, TCB, who claimed to have participated in the vote to suspend ETH trading, hinted that he would also exit unless governance issues were resolved.

Blockchain investigator ZachXBT publicly accused THORChain's decentralized exchange Asgardex of not refunding the transaction fees from the hackers, while other protocols reportedly returned the illicit gains. In response, THORChain founder John-Paul Thorbjornsen argued, "Centralized exchanges have profited millions from illegal trades for years, only retracting when pressured by regulators."

"This double standard is disgusting. Are we supposed to make ETH and BTC nodes refund transaction fees? What about developers of underlying software like GETH or BTCCore who rely on funding/donations?" Thorbjornsen retorted.

Source: ZachXBT

THORChain faces increasing regulatory risks, as previously demonstrated by privacy tools

Currently, THORChain has not faced direct enforcement actions from the government, but history shows that DeFi protocols facilitating illegal finance may never escape scrutiny. In 2022, the well-known crypto mixing tool Tornado Cash was sanctioned by the U.S. Treasury for being used to launder billions of dollars, although this sanction was later overturned by a U.S. court. Similarly, in 2023, Railgun came under FBI scrutiny for being used by North Korean hackers to transfer $60 million in stolen funds for laundering.

Railgun is a unique case because it is marketed as a privacy protocol rather than a mixing tool or decentralized exchange (DEX). However, this distinction still draws parallels to THORChain, as privacy protocols are often criticized for potentially facilitating illegal activities.

"Critics often claim that privacy-focused projects foster crime, but in reality, protecting financial privacy is a fundamental right and a cornerstone of decentralized innovation," Chen Feng, head of research at Autonomys and a blockchain research professor at the University of British Columbia's Okanagan campus, told Cointelegraph.

"Technologies like ZK proofs and trusted execution environments can protect user data without completely obscuring illegal activities. Through optional transparency measures and robust on-chain evidence, suspicious patterns can still be detected. The goal is to find a balance: empowering users with privacy protection while ensuring the system is equipped with safeguards to prevent and trace illegal use."

Lin from SynFutures stated that the ongoing illegal use of decentralized protocols will "absolutely" lead regulators to take extreme measures.

"If governments perceive decentralized protocols as systemic risks, they are likely to escalate their actions. This could include sanctioning protocol addresses, pressuring infrastructure providers, blacklisting entire networks, or holding developers accountable," she said.

Increased pressure on THORChain

THORChain supporters argue that it is being unfairly singled out, as hackers also use other DeFi protocols. However, regulators often focus on the largest facilitators, and THORChain handled the vast majority of the stolen funds in the Bybit hacking incident. This makes it a vulnerable target for enforcement actions, from sanctions by the U.S. Treasury's Office of Foreign Assets Control (OFAC) to lawsuits against developers.

"When the vast majority of funds flow from stolen money in North Korea's largest theft in human history, this becomes a national security issue; this is no longer a game," TCB wrote on X.

"To ensure you have credible decentralization, you need a network with over 1,000 independent validators. @Chainflip was able to quickly address this issue at the network level and implement censorship across all front ends for this reason."

If regulators decide to crack down, the consequences could be severe. Sanctions against THORChain's validators, front-end services, and liquidity providers could cripple its ecosystem, while major exchanges might delist RUNE (RUNE) from trading pairs, cutting off its liquidity.

Additionally, there could be legal actions against developers, as seen in the Tornado Cash case, or pressure to introduce compliance measures, such as filtering sanctioned addresses—this would conflict with THORChain's decentralization principles and alienate its core user base.

THORChain's entanglement with North Korean hackers places it at a crossroads. The protocol must decide whether to take action now or risk regulatory intervention and having decisions made for it.

Currently, the protocol remains steadfast in its hands-off approach, but history shows that DeFi projects that ignore illegal activities do not remain untouched forever.

Related: Trump-backed World Liberty Financial partners with Pakistan's cryptocurrency committee

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。