THORChain Co-Founder’s $1.3M Heist: North Korean Hackers Strike Again
Another day, another crypto hack—but this one hits close to home. THORChain's co-founder just watched $1.3 million vanish into North Korean digital wallets.
The Attack Vector
Sophisticated phishing tactics bypassed security protocols, draining funds in minutes. No fancy tech—just human error exploited at scale.
The Aftermath
THORChain insists protocol integrity remains intact. Meanwhile, Pyongyang's crypto war chest grows—because why bother with nukes when you can steal digitally?
Security experts urge cold storage solutions, but let's be real: if a co-founder gets hacked, what hope do the rest of us have? Maybe traditional finance isn't the only thing needing stricter regulation.
North Korea Hacks THORChain Founder
North Korean hacks have been prolific recently, with a large number of high-profile incidents. Last night, accounts began reporting that THORChain had directly experienced such an attack, although the platform was adamant that company wallets were not impacted.
Instead, THORChain co-founder John-Paul Thorbjornsen confirmed that his personal funds were in the crosshairs. The incident took place a few days ago, but he directly acknowledged that he was the victim:
Yes, an old metamask (which I had completely forgotten about) was drained. They had access to my encrypted entire iCloud + keychain.
Ironically – only the private keys (radioactive) were vulnerable. Vultisig wallets were untouched, despite also using iCloud.
They're SAFE -…
With this public admission, a fuller picture became clear. North Korean scammers enabled the hack by means of a video call, which is a common tactic of theirs. This enabled the hackers to find old private keys on Thorbjornsen’s iCloud, while his multisig wallets apparently remained safe.
THORSwap also offered a bounty for funds returned.
Just Desserts for Money Launderers?
Ironically, some of the crypto industry’s biggest security sleuths have been deriding the incident. ZachXBT reminded his audience that THORChain laundered funds from the Bybit hack, North Korea’s most successful crypto heist.
The platform has been accused of laundering stolen money on several occasions. For these reasons, ZachXBT called it “a bit poetic” that North Korean hacks targeted someone who “has greatly benefited financially” from these laundering incidents.
He also quoted a previous Bybit-related interview appearance from Thorbjornsen, where he defended the DPRK’s right to carry out these incidents:
“[North Korea] has the right to be sovereign. If they exploit security loopholes and are able to MOVE crypto…that is their effort. They’re not inherently doing anything wrong in my opinion,” he claimed in an interview. Thorbjornsen also confirmed that THORChain made between $5 and $10 million from processing Bybit hack funds.
In other words, this is a very chaotic incident. Since this North Korean hack only targeted one THORChain employee, there’s no guarantee that it will even change the firm’s policy.
After all, independently of financial concerns, Thorbjornsen defended the Lazarus Group’s actions on philosophical grounds.
Still, one thing seems relatively straightforward. Although crypto sleuths have already been struggling to deal with this crime wave, ZachXBT has been firm and vocal about his lack of sympathy. This could deter independent investigators from working to help track and recover these funds.