THORChain, a decentralized crosschain swap protocol, has witnessed a surge in transaction volume following the $1.4 billion exploit of cryptocurrency exchange Bybit.
On February 26, the protocol processed a record-breaking $859.61 million in swaps, according to data from THORChain Explorer.
The momentum continued on February 27, adding another $210 million, pushing total swap volume past $1 billion in under 48 hours.
Concerns Over Laundering Tactics
The North Korean state-sponsored hacking group Lazarus has been known to convert stolen cryptocurrencies into Bitcoin to obscure their origins.
Blockchain analysts have previously identified a pattern of Lazarus-linked funds flowing through decentralized platforms to avoid detection.
The surge in THORChain’s usage comes at a time when the protocol is already under scrutiny.
In January, it paused Bitcoin and Ethereum lending after accumulating $200 million in liabilities, leading to a debt restructuring plan.
However, its swapping functionality has remained operational, drawing concerns over its role in facilitating illicit fund movements.
Nine Realms engineer “Pluto,” a core developer at THORChain, acknowledged that illicit funds have passed through the protocol but emphasized that the team has implemented measures to help wallet and integration partners screen transactions.
He argued that THORChain’s decentralized nature should not be blamed for how users engage with its services.
Meanwhile, THORChain’s native token RUNE has surged 36.6% in the past week, according to CoinGecko data, reflecting increased demand for its services.
Bybit has launched a website to track the movement of its stolen funds and is offering a bounty to entities that assist in freezing them.
As of February 27, the site identified seven cooperative exchanges and one uncooperative platform, eXch, a no-Know Your Customer (KYC) swap service that has refused to freeze funds linked to the hack. eXch has denied laundering funds for North Korea.
Investigators, including blockchain analyst ZachXBT and the U.S. Federal Bureau of Investigation (FBI), have confirmed that Lazarus Group was behind the February 21 attack.
Reports from Sygnia and Verichains revealed that hackers breached a SafeWallet developer’s credentials, injecting malicious JavaScript into SafeWallet’s AWS infrastructure to deceive signers into approving fraudulent transactions.
In response, SafeWallet developers have rebuilt their security framework, reconfigured infrastructure, and rotated credentials to prevent future breaches.
Chainflip Plans Upgrade to Block Bybit Hackers from Using Its Platform
As reported, Chainflip, a cross-chain DEX, is preparing a protocol upgrade aimed at preventing hackers responsible for the recent $1.4 billion Bybit hack from using its platform to launder stolen assets.
“The broad and overwhelming consensus amongst the Chainflip ecosystem is that illicit flows endanger the protocol by exposing LPs to too much risk,” the team said.
The upcoming 1.7.10 upgrade introduces enhanced screening tools that allow broker operators—including platforms like SwapKit and the Rango DEX aggregator—to reject suspicious deposits of ETH and ERC-20 tokens.
The Bybit hack, which occurred on February 21, is now considered the largest crypto heist in history.
Hackers exploited the exchange’s multi-signature approval process by using a fake user interface to conceal a malicious smart contract, ultimately draining a large portion of Bybit’s Ethereum (ETH) reserves.
The post Crosschain Swap Protocol THORChain Sees Spike in Activity After Bybit Hack appeared first on Cryptonews.
