THORSwap, a key player in decentralized finance, has sent a clear message to a hacker. They want stolen funds back. They’re offering a reward and promising no legal trouble if the money is returned quickly. This bold move follows a hack that hit a co-founder of the THORChain network, costing them a significant sum. The clock is ticking: return the assets within 72 hours, or face the consequences.
The target of this digital theft was John-Paul Thorbjornsen, one of the founders of THORChain. His personal digital wallet was emptied, losing over $1.35 million. It’s crucial to understand that this was an attack on his individual funds, not on the core THORChain system itself. The network’s main operations remained secure.
The news first caused a buzz. Security firm PeckShield initially spotted the on-chain messages and thought the entire THORChain network had suffered an exploit, estimating about $1.2 million missing from the protocol. However, the THORChain team quickly clarified the situation. They confirmed the attack was on a personal wallet, not a vulnerability in the main system. THORSwap backed this up, stating simply, “no protocol (thorchain or thorswap) was compromised.” This quick correction helped clear up any early confusion.
How the Attack Unfolded
So, how did the hackers manage to get in? Thorbjornsen himself shared the details. His older MetaMask wallet was drained. The attack began with a deceptive message sent from a friend’s Telegram account, which had been hacked. This message contained a fake Zoom link. Clicking it opened the door to trouble. Reports suggest that North Korean hackers might be behind the operation.
Thorbjornsen explained that his MetaMask wallet was set up in a separate Chrome profile, and its key was stored in iCloud Keychain. Despite these precautions, the attackers used a “zero-day” exploit. This refers to a newly discovered software flaw that hackers can use before developers have a chance to fix it. The incident prompted Thorbjornsen to re-evaluate his own security. He now emphasizes the importance of “threshold signature wallets,” which split security keys across multiple devices, making them far more difficult to compromise.
Tracking the Stolen Assets
Looking at the stolen money, the hacker took about $1.03 million in Kyber Network tokens. Another $320,000 came from THORSwap tokens. All these funds were moved to a digital address known as “Exploiter 6.” This is the same address where THORSwap sent its on-chain bounty messages. Most of the stolen assets, aligning with PeckShield’s earlier $1.2 million figure, are now held in another address starting with “0x7Ab.” They appear to have been converted into Ethereum (ETH).
The ability to trace these digital trails is a key feature of blockchain investigations. Any user can verify these transactions. THORSwap is sticking with its reward offer. They hope to recover the funds without needing to pursue legal action. It’s a pragmatic approach to dealing with a tough situation.
Lessons for Cryptocurrency Security
This attack on a well-known founder like Thorbjornsen sends a strong message. Even experienced individuals in the crypto world face significant risks. A combination of clever social engineering and technical exploits can break through seemingly strong security measures. Cybersecurity experts often recommend using “cold wallets” for offline storage. They also advise multi-factor authentication and splitting up private keys. These steps add extra layers of protection against similar attacks.
Moreover, this incident highlights the ongoing need for regular security audits and strict management of digital credentials. While the main THORChain system was not compromised, the event shows that individual user protection is just as vital as the overall network’s security. Everyone in the crypto space needs to remain vigilant.