Decentralized exchange (DEX) THORSwap has temporarily placed its interface into maintenance mode after identifying potentially illegal transactions.
A pressing and persistent concern has recently come to light: the potential movement of illicit funds through THORChain and, specifically, THORSwap. Such activities have no place on the THORSwap platform, and THORSwap stands firmly against any and all criminal…
— THORSwap ⚡ #BetterThanCEX (@THORSwap) October 6, 2023
“Such activities have no place on the platform, THORSwap firmly stands against any criminal activities,” the project team said.
The exchange previously consulted with consultants, lawyers and law enforcement agencies.
THORSwap will remain in maintenance mode until “a more permanent and reliable solution is implemented to ensure the permanent security and integrity of the platform.”
The developers made this decision after repeated reports that the hacker who hacked FTX and other criminals were transferring funds through DEX.
ConsenSys head of product Taylor Monahan said that hackers associated with the Russian Federation and the DPRK, as well as people involved in money laundering, “love” THORSwap.
Welp, the hackers and money launderers—both the Russian/CIS region ones and North Korean ones—are loooooving @ThorChain lately
In fact, in the last four months, ***more than 50%*** of the ETH -> to ThorSwap Router -> to BTC have been stolen funds. 😬😬😬😬😬
— Tay 💖 (@tayvano_) October 1, 2023
According to her, over the past four months, approximately 65% of the ETH volumes that were converted into Bitcoin through the THORSwap Router were stolen funds.
According to THORChain Explorer, the volume of swaps on DEX increased significantly in September, and on October 5 the figure reached a record $355 million.
Monahan discovered approximately 34,583 ETH (~$57 million) believed to be associated with various hacks.
“And these are only clearly stolen funds coming directly from the thieves’ addresses. There is still at least 3,300 ETH that are openly laundered – for example, some of the funds came directly from Tornado Cash or Railgun,” she emphasized.
Specifically, the “account buster” FTX transferred a total of 19,944 ETH (~$32 million) using six wallets.
Here’s the hacks / stolen funds I identified so you can check my work:
1. FTX Accounts Drainer (Not DPRK)
Total: 19,944 ETH (~$32m)
7,499 ETH in 4 Txn – 0x6e0e8dac46c3ebffd67887097dfda10d11dcbab6
4,749 ETH in 3 Txn – 0x68cc13a43da1e1ba7de3002df8a07665ea8b5f5f
3,999 ETH in 3…
— Tay 💖 (@tayvano_) October 1, 2023
Funds were transferred to THORSwap after the hacking of Stake.com, which was backed by the DPRK group Lazarus. In total, North Korean hackers transferred $21.2 million in various digital assets to DEX.
Monahan said cryptocurrencies linked to attacks on Nirvana Finance and Atomic Wallet, as well as relatively minor hacks of private wallets, were sent to the platform.
“I’m a big proponent of decentralized technology and privacy. But many of [подобных платформ], don’t seem to really understand what value their product or service actually provides and to whom. It is terribly naive to pretend that you are changing the world or empowering people when the vast majority of your ideas are used by thieves, money launderers and authoritarian regimes,” Monahan concluded.
Let us remind you that August 8 OFAC added the cryptocurrency mixer Tornado Cash to the sanctions list on suspicion of laundering over $7 billion in cryptocurrencies. The service’s services were also used by the North Korean hacker group Lazarus Group.
Chainalysis estimates that more than $3.5 billion has passed through the platform during its operation, of which up to $1.2 billion is directly related to thefts, hacks and other illegal transactions.
Found an error in the text? Select it and press CTRL+ENTER
ForkLog newsletters: keep your finger on the pulse of the Bitcoin industry!