- North Korea turns to DeFi to launder $1.4 billion in hacked funds.
- In response, protocols are implementing measures to block illicit activity.
- But some warn that these actions may undermine DeFi's fundamental principle of being permissionless.
The Chainflip team had already called it a day and gone out for a drink when crypto exchange Bybit was hit by a record $1.4 billion heist.
Initially, they were not too worried that the hacker would use Chainflip, a smaller decentralized crypto exchange, to transfer the stolen funds.
All this changed when, later in the evening, they discovered that the Lazarus Group, North Korea's state-sponsored hackers, was behind the attack.
“They know us,” Shaun Van Vuuren, Chainflip's marketing manager, told DL News in an interview, recounting the event. “They will use us, we are always their main target.”
And use Chainflip they did. Lazarus began to channel the stolen crypto through the exchange just hours after the theft.
We have detected activity from the @Bybit_official exploiter trying to swap USDC through our front end.
As a precaution, we have temporarily put our front end / swap application in maintenance mode, and swaps are currently deactivated.
– Chainflip Labs (@chainflip) February 22, 2025
DeFi protocols like Chainflip exist in a regulatory gray area and are not subject to the EU's Markets in Crypto-Assets regulation, which entered into force in 2023.
The Berlin-based startup had to make a big decision, and quickly.
Stay faithful to crypto's bedrock of decentralization and let Lazarus use Chainflip as part of its complex laundering activities, or try to stop the hermit kingdom in its tracks.
“We have seen an opportunity here where we could simply say, ‘fuck it’ - we are not going to be part of it,” said Van Vuuren.
Chainflip told its liquidity providers to withdraw their funds and then upgraded the Ethereum version of the exchange with measures to help block Lazarus and other bad actors from using it.
Now, those who use or integrate the exchange can scan transactions and tell the network to reject them if they come from Lazarus or other bad actors.
Van Vuuren said that Chainflip had to sacrifice part of its decentralization in the short term to do this, but that it is working to become more decentralized in the future.
DeFi sacrilege
For some, however, Chainflip’s actions are sacrilegious.
Diehard decentralization purists claim that the efforts to block Lazarus will put DeFi on a path that erodes its permissionless nature.
Blocking certain transactions and not others is a slippery slope toward recreating the traditional walled system DeFi wants to differentiate itself from, they say.
Chainflip's solution is not perfect either. On Thursday, the exchange said that it had paused its Solana and Arbitrum versions after Lazarus also tried to send funds via these blockchains.
Chainflip is not the only one with this problem.
Thorchain, a larger cross-chain competitor, has been unable to prevent North Korea from laundering the funds it stole. Its community is deeply divided on the issue, according to interviews with top contributors and discussion logs viewed by DL News.
Unlike Chainflip, where the company behind the exchange can help guide its users, Thorchain has no central authority and is instead run by a distributed network of validators. If the validators do not accept changes, they cannot be implemented.
So far, Lazarus-linked wallets have used Thorchain to swap $742 million worth of cryptocurrency stolen from Bybit, according to analysis by Taylor Monahan, principal researcher at the crypto wallet MetaMask.
Lazarus laundering
The Lazarus Group has stolen billions of dollars from crypto exchanges, DeFi protocols and individual users in recent years.
The group usually tries to convert the stolen crypto into Bitcoin because it is the easiest asset to exchange for money.
Chainflip and Thorchain are a top choice for North Korean hackers because they are the only DeFi venues with enough liquidity to swap large quantities of other cryptocurrencies into Bitcoin.
DeFi protocols like Chainflip and Thorchain are made up of the underlying blockchain code that executes transactions, and a website that lets users easily interact with the code and submit transactions, known in the industry as a front end.
Chainflip works with crypto security firm Elliptic to block crypto addresses associated with North Korea from using its front end. Thorchain has no official front end, but many associated projects that provide front ends work to prevent North Korea from using them.
Blocking North Korea from using the front ends helps slow the laundering, but it does not stop it entirely.
Lazarus can still bypass the blocks by interacting directly with the protocol code, or through a third-party front end that does not block its crypto wallets, as shown by the amount of funds from the Bybit hack laundered via Thorchain.
This is why Chainflip has taken additional measures to let its stakeholders flag Lazarus transactions so that the network does not process them.
Thorchain’s schism
But on Thorchain, the community has not been able to agree on the implementation of similar measures.
There is a growing rift between those who argue for changing the protocol's code to prevent North Korean money laundering and those who consider censoring transactions at the protocol level untenable.
On Thursday, some Thorchain validators tried to halt the Ethereum version of the protocol to stop North Korea from laundering funds. Although the halt was initially implemented, it was reversed after 30 minutes, signaling a split among the validators.
“The front ends of Thorchain have already been blocking transactions for years,” Michael Perklin, a member of the Thorchain community, said in the project's Discord, arguing against blocking Lazarus transactions at the protocol level. “It’s their work – not the protocol.”
“Establishing the precedent of stopping an entire chain to stop the flow of illicit funds will lead to endless stops,” another member of the Thorchain community said on X. “Thorchain should follow and report transactions as much as possible, but not stop an entire chain to stop them.”
Pluto, a prominent pseudonymous Thorchain developer, left the project shortly after the halt.
Possible solution
One solution is that Thorchain validators could all agree to configure their software to ignore the transactions of bad actors like Lazarus.
In this way, the bad actors would not be able to use Thorchain, and the validators would not have to decide whether to accept or reject the transactions because they would not even know that they had been asked to process one.
“It’s like going to a bank teller and handing them $5,000, and they can’t even see that you are there, essentially,” said a Thorchain developer who asked DL News not to be named.
“I think this is the best solution to this problem,” said the same developer. “There are certainly people against it, and there are certainly people for it.”
However, with Thorchain having already allowed Lazarus to swap millions in crypto, the change, if successful, may come too late to have a significant impact this time.
Tim Craig is DL News’ DeFi correspondent based in Edinburgh. Reach out with tips at tim@dlnews.com.