THORChain Sees Record Activity Amid Bybit Hack Fallout

According to Cointelegraph, THORChain, a crosschain swap protocol, has witnessed a significant increase in activity following a major exploit of the cryptocurrency exchange Bybit, valued at $1.4 billion. On February 26, THORChain processed $859.61 million in swaps, marking its highest daily volume to date. This momentum continued into February 27, with an additional $210 million in swaps, pushing the total swap volume to over $1 billion within a 48-hour period.

THORChain facilitates direct asset swaps across various blockchains, such as exchanging Ether (ETH) for Bitcoin (BTC). This surge in activity follows the Bybit hack, which has been linked to the North Korean state-sponsored hacking group Lazarus. Blockchain analysts have noted that Lazarus frequently converts stolen digital assets into Bitcoin to obscure their origins. Despite the controversy surrounding THORChain, including a pause on Bitcoin and Ether lending in January due to $200 million in liabilities, the protocol's swaps have remained active. THORChain core developer Nine Realms engineer "Pluto" defended the protocol, emphasizing efforts to help partners implement screening services to address illicit activities.

In response to the Bybit hack, Bybit has launched a website to track the laundering of its stolen funds and is offering a bounty to exchanges and entities that assist in freezing these assets. The site has identified seven good actors and one bad actor, eXch, which has faced criticism for not freezing funds linked to the hack. eXch has denied allegations of laundering funds for North Korea. The Bybit exploit, which occurred on February 21, was attributed to the Lazarus Group by ZachXBT and later confirmed by the U.S. Federal Bureau of Investigation. Third-party forensic investigations revealed that the Lazarus Group stole Ether from Bybit by compromising SafeWallet credentials. Reports from Sygnia and Verichains indicated that a Safe developer's credentials were breached, allowing attackers to deceive signers into approving a malicious transaction. In response, SafeWallet developers have rebuilt and reconfigured their infrastructure, implemented new security measures, and rotated all credentials to prevent future attacks.