Recent activities on the blockchain have piqued the interest of the crypto community, as hackers continue to exploit decentralized protocols for laundering their stolen assets.
In a seemingly planned operation, hackers transferred 17,778.7 ETH today through THORChain, converting it into DAI with remarkable speed, raising fresh concerns about illicit actors aiding the movement of funds within the crypto ecosystem.
THORChain Used to Launder Nearly $45 Million in ETH
This morning, on-chain observers recorded a wallet selling 8,698 ETH for 22.12 million DAI, at an ETH price of $2,543.40. What drew attention was not only the amount but also the origin of the ETH. Just 90 minutes prior to this sale, the ETH had been transferred from THORChain, a decentralized cross-chain exchange that is increasingly scrutinized for its role in laundering hacked funds.
While THORChain facilitates seamless cross-chain swaps without intermediaries, it has gained notoriety among criminals looking to obscure the origins of illicit crypto. Its decentralized nature enhances the anonymity of assets once bridged across different chains.
In just a few hours, blockchain analysts revealed that an additional 9,080.7 ETH linked to the same operation was also funneled through THORChain and sold for 22.82 million DAI. Altogether, the two coordinated transactions resulted in 17,778.7 ETH being exchanged for 44.94 million DAI, with an average price of around $2,528 per ETH.
Funds from Coinbase and Bybit Hacks Resurface
This recent activity is believed to be associated with the hackers behind notable breaches, including the attack on Coinbase, which compromised user accounts, and the $40 million theft from Bybit. On-chain intelligence suggests that the ETH sold today might be directly linked to the funds stolen in these incidents.
It is noteworthy that the Bybit hacker employed a similar laundering methodology, attempting to obscure their trail while transferring large amounts of ETH. Today’s actions mirror the sequence of the Bybit hack, starting with assets entering THORChain and concluding with those assets being exchanged for DAI, a stablecoin often associated with illicit transactions.
Though the hackers’ identities remain obscured, indications suggest they operate as a coordinated group, leveraging decentralized infrastructure to stay ahead of law enforcement. This likely involves an anonymous source that minimizes risk for any hacker group wishing to engage in discreet monetary transfers.
The fact that these launderers executed two significant cash-out batches at varying prices indicates a strategic approach—possibly even informed by inside information.
Increased Scrutiny of Cross-Chain Protocols
The DeFi community has praised THORChain’s cross-chain functionality, but it is rapidly becoming central in discussions about its role in illicit activities. Allowing users to swap assets anonymously across blockchains provides a pathway for individuals to launder cryptocurrency, making stolen tokens appear legitimate. THORChain cannot determine the subsequent fate of those tokens, even as they are converted into stablecoins like DAI or USDC.
While THORChain is designed as a neutral protocol, incidents like this raise important questions about DeFi’s integrity: when even the best protocols must deal with bad actors, the promise of decentralization and privacy in finance appears at risk.
Today’s transactions occurred over a nearly two-hour window totaling about $45 million, reigniting discussions on the need for enhanced oversight and monitoring tools for dubious activities on these platforms. This incident underscores the critical demand for improved on-chain analytics within DeFi.
However, achieving these improvements presents challenges, as there appears to be a scarcity of effective methods to address these issues. Without alternative solutions, boosting oversight and enforcement will be exceedingly difficult.
Authorities have yet to issue a formal statement regarding this incident. Meanwhile, industry experts are raising alarms, arguing that the increasing sophistication of laundering methods could render even the most advanced protocols like THORChain vulnerable if this trend continues.
As the situation develops, it is anticipated that the crypto industry and affected platforms such as Coinbase and Bybit will step up their internal controls and reconsider how decentralized tools intersect with risk management, particularly in a landscape where threats evolve as swiftly as the platforms themselves.