Bybit Hack Skyrockets THORCHAIN’s Transaction Volume to Over $1B

THORChain, a decentralized cross-chain swap protocol, has seen a massive increase in transaction volume in the face of Bybit’s $1.4 billion hack.

According to the report on THORChain Explorer on February 26, THORChain processed in record, $859.61 million in swaps. This increase continued into February 27, with an additional $210 million in swaps, propelling the total volume of the swaps to over $1 billion in less than 48 hours.

THORChain Transaction Volume Hikes

Notorious North Korean hacking group, Lazarus is known for laundering stolen cryptocurrencies through Bitcoin conversions. Crypto analysts have tracked a pattern of Lazarus-linked funds flowing through decentralized platforms to evade detection. THORChain’s recent surge in activity raises concerns, particularly given that the platform is in scrutiny.

Following a $200 million liability accumulation, the protocol stopped Bitcoin and Ethereum lending in January, implementing a debt restructuring plan. Despite this, its swapping functionality remains active, sparking worries about its potential role in promoting illicit fund transfers.

THORChain core developer “Pluto” conceded that illicit funds have indeed flowed through the protocol, but highlighted the team’s efforts to implement screening measures for wallet and integration partners. 

Meanwhile, the protocol’s native token RUNE has seen a significant 36.6% surge over the past week, as reported by CoinGecko, indicating a spike in demand for THORChain’s services.

Bybit’s Smart Move 

As regards to the hack, Bybit has created a website to track the stolen funds and is offering a reward to entities that help freeze them. As of February 27, the website identified seven cooperative exchanges and one uncooperative platform, eXch, a no-KYC swap service that refused to freeze hack-linked funds. However, eXch has denied allegations of laundering funds for North Korea.

Blockchain analyst ZachXBT and the FBI with other investigators have confirmed Lazarus Group’s involvement in the February 21 attack.

According to reports from Sygnia and Verichains, hackers compromised a SafeWallet developer’s credentials, injecting malicious JavaScript into SafeWallet’s AWS infrastructure to deceive signers into approving fraudulent transactions. In response to this act, SafeWallet developers have overhauled their security framework, reconstructed their infrastructure, and rotated credentials to avoid future breaches.