THORSwap gives hacker 72 hours to return stolen assets
THORSwap offered a bounty for the return of stolen assets from a wallet linked to THORChain co-founder John-Paul "JP" Thorbjornsen after hackers drained over $1 million earlier this week.
Blockchain investigators reported that an address connected to the theft received the on-chain bounty offer recorded on Etherscan. The message included THORSwap’s contact information and the 72-hour deadline and directed the attacker to contact the project's team. Furthermore, ZachXBT confirmed that the wallet belongs to the co-founder of THORChain and verified the total amount of losses.
A few days ago, attackers emptied JP's personal wallet of approximately $1.2 to $1.35 million through a Telegram deepfake phishing attack. The attack began when a friend's Telegram account was compromised. Hackers used a deepfake video call to gain credibility and ultimately accessed JP's private keys stored in iCloud Keychain.
The targeted wallet was an old MetaMask wallet that JP said he had "completely forgotten." He explained the compromised wallet contained staked assets that did not appear on standard blockchain explorers. He suggested attackers may have used a recently patched vulnerability or an active zero-day exploit. Other wallets with different security configurations were not affected.
Earlier this year, THORChain faced increased scrutiny over its role in money laundering. Researchers reported North Korean hackers used THORChain extensively to hide funds from major attacks. Industry participants debated how decentralized protocols should respond when tainted assets pass through their systems.
The targeted wallet was an old MetaMask wallet that JP said he had "completely forgotten." He explained the compromised wallet contained staked assets that did not appear on standard blockchain explorers. He suggested attackers may have used a recently patched vulnerability or an active zero-day exploit. Other wallets with different security configurations were not affected.
THORSwap has previously taken action when investigators traced stolen funds through the protocol. In October 2023, the interface entered maintenance mode after analysts found stolen assets moving through it. The team cited consultations with legal advisors and law enforcement.
Earlier this year, THORChain faced increased scrutiny over its role in money laundering. Researchers reported North Korean hackers used THORChain extensively to hide funds from major attacks. Industry participants debated how decentralized protocols should respond when tainted assets pass through their systems.
Recommended