THORChain generated more than $5 million in total revenue after the protocol’s asset swap volume hit record highs, driven by the exploiter behind the $1.4 billion Bybit hack.
Centralized crypto exchange Bybit was hacked for over $1.4 billion worth of crypto on Feb. 21 in the largest hack in crypto history.
The North Korean state-affiliated Lazarus Group, identified as the main suspect by blockchain security firms, continued laundering the stolen funds, using crosschain asset swap protocol THORChain for a significant part of the transfers.
Since the exploit, THORChain has processed more than $5.4 billion in total swap volume, generating about $5.5 million in revenue, according to data from the THORChain explorer.
Total swap volume. Source: THORChain explorer
THORChain’s swap volume exceeded $1 billion in a single day following the Bybit hack, according to a Feb. 27 report from Cryptox. The protocol generated over $554,000 in total income that day.
Amid the revenue milestone, THORChain remains under scrutiny for its role in facilitating the movement of illicit funds. On Feb. 28, a THORChain developer quit the protocol after a vote to block North Korean hacker-linked illicit funds was reverted.
“Effectively immediately, I will no longer be contributing to THORChain,” the crosschain swap protocol’s core developer, only known as “Pluto,” wrote in a Feb. 27 X post.
Related: ADA, SOL, XRP rally after Trump’s crypto reserve announcement
THORChain criticized for allowing stolen funds to flow
“THORChain just helped North Korea launder $605 million. No KYC, no off switch, no resistance. Lazarus Group jacked Bybit for $1.5 billion in February 2025, then funneled the stolen ETH through THORChain like it was built for them,” crypto commentator Yogi wrote in a March 4 X post.
Source: Yogi
“Other protocols have blocked dirty wallets without killing decentralization. THORChain had options—Elliptic, transaction monitoring—but ignored them,” he added.
Related: Bybit hacker launders $605M ETH, over 50% of stolen funds
On Feb. 26, blockchain analytics firm Elliptic flagged 11,084 cryptocurrency wallet addresses suspected of being linked to the Bybit exploit. That list is expected to grow as investigations continue.
On March 4, Bybit CEO Ben Zhou confirmed that $280 million of the stolen funds had gone dark, meaning that it had been laundered and was no longer traceable.
Magazine: THORChain founder and his plan to ‘vampire attack’ all of DeFi
