THORChain Developer Resigns Over Reversed North Korea Sanctions Vote
A core developer of THORChain, known only as “Pluto,” has announced their resignation from the cross-chain swap protocol following the reversal of a vote to block transactions linked to North Korean hackers.
The departure marks a significant moment for the decentralized finance (DeFi) project, which has seen record-breaking trading volumes despite growing regulatory scrutiny.
Developer Fallout Over Sanctions Vote
Pluto made the announcement on Feb. 27 via an X post, stating, “Effectively immediately, I will no longer be contributing to THORChain.” However, they assured the community that they would remain available for a transition period to ensure an orderly handoff of responsibilities.
Pluto’s exit comes in the wake of a controversial governance decision. THORChain validator TCB revealed on X that they were among three validators who voted to halt Ethereum (ETH) transactions on THORChain to prevent Lazarus Group, a North Korean hacking collective, from laundering stolen funds. However, this vote was overturned almost instantly.
I was part of the 3 validators that voted to halt $eth trading on @THORChain
— TCB (@1984_is_today) February 27, 2025
I've been having discussions with @Pluto9r, @ol3gpetrov, @zachxbt and others about blocking the flows from ByBit hack
I hope we get a resolution before a validator resumes trading@ol3gpetrov is…
“Halting a chain is an operational setting. It requires three node votes to be effective and four votes to be reversed,” explained THORSwap developer Oleg Petrov. Following this reversal, TCB also signaled their intention to leave if a solution to block North Korean transactions is not quickly implemented.
Also read: Crypto Exchange eXch Denies Bybit Hack Allegations Amid Growing Scrutiny
Lazarus Group Moves Millions Through THORChain
According to Lookonchain, the Lazarus Group has been leveraging THORChain to process significant amounts of illicit crypto assets. Following their $1.5 billion heist from Bybit on Feb. 21, the hackers have reportedly transferred $605 million worth of ETH through the network, raising concerns about the protocol’s vulnerability to illicit financial activity.
The #Bybit hacker is laundering funds via #THORChain!
— Lookonchain (@lookonchain) February 28, 2025
So far, the #Bybit hacker has laundered 270K $ETH($605M, 54% of the stolen funds) and still holds 229,395 $ETH($514M). pic.twitter.com/NtcKUpxsxc
Regulatory agencies, including the FBI, have urged crypto exchanges and validators to take action against the Lazarus Group. The agency has confirmed that North Korea was responsible for the Bybit hack, further increasing pressure on DeFi protocols to strengthen compliance measures.
Record-Breaking Volumes Amid Controversy
Despite the turmoil, trading volumes on the network have surged to record highs. On Feb. 26, the protocol processed nearly $860 million in swaps, its highest-ever daily volume. The momentum continued into Feb. 27, with an additional $705 million in trading activity.
Also read: $1.4 Billion Bybit Hackers Now Tied to Solana Meme Coin Scams
The sharp increase in activity has sparked debate over THORChain’s role in facilitating decentralized swaps, with critics arguing that its infrastructure lacks sufficient decentralization to resist external regulatory pressures.
THORChain’s Decentralization Questioned
THORChain’s founder, John-Paul Thorbjornsen, emphasized that he has no direct involvement in the protocol’s operations but defended its neutrality. In a recent interview, he clarified that none of the sanctioned wallet addresses flagged by the FBI and US Treasury’s Office of Foreign Assets Control (OFAC) have ever interacted with THORChain. Instead, he argued that hackers are simply moving funds faster than screening services can detect.
I recommended to all the nodes I delegate with to continue trading.
— JP (@jpthor) February 28, 2025
I have checked the OFAC/FBI list and none of those addresses have *ever* interacted with TC. I have not been served by any authority, nor aware of any node that has.
I will support my nodes to run a static… https://t.co/zYghRCGkuZ
“It is unrealistic to expect these blockchains to censor, including THORChain,” Thorbjornsen stated, reinforcing the protocol’s decentralized nature. He also noted that Lazarus Group’s ETH-to-BTC swaps typically end up at centralized exchanges, where they can be converted into fiat.
However, TCB challenged the project’s decentralization claims, arguing that its validator base is too small to withstand a regulatory crackdown. In a post on X, TCB described THORChain’s governance model as highly centralized, stating:
“You can say as many times as you want that a blue car is red, but it won’t make THORChain truly decentralized, censorship-resistant, and permissionless.”
TCB also claimed that the protocol’s key corporate actors, which provide most of its user flows, already practice transaction censorship at their front ends. “A lot of them will be moving on if THORChain keeps this going,” they warned.
Also read: Bybit Billion-Dollar Blind Spot: $1.4B Hack Shocks Crypto World
The Future of THORChain
As THORChain continues to grow, the protocol faces an uphill battle in balancing decentralization, regulatory compliance, and security concerns. With a key developer stepping down and a validator threatening to follow, the network’s governance model may come under increased scrutiny from both the community and regulators.
While THORChain’s record-high trading volumes indicate strong demand for its cross-chain swap services, the ongoing controversy surrounding North Korean-linked transactions raises critical questions about its long-term viability. Whether THORChain can withstand regulatory pressure while maintaining its core principles of decentralization remains to be seen.
