North Korean Hackers Stole $1.3M From THORChain Co-Founder’s Wallet, ZachXBT Says It’s “Poetic”

THORChain and Vultisig co-founder JP has been scammed out of $1.3 million by North Korean hackers, which on-chain sleuth ZachXBT says is “poetic.”

The attack was a combination of a hacked Telegram account, a deepfake Zoom call, and what the co-founder believes was a zero-day exploit. 

THORChain Co-Founder Confirmed As The Victim

PeckShieldAlert was one of the X accounts that flagged the hack, noting that a user on the THORChain network had one of their personal wallets drained of $1.2 million at the time.

JP confirmed in an X post today that it was his wallet, and said that “an old metamask” wallet that he had “completely forgotten about” had been drained of $1.3 million. 

He explained that the compromise started when a friend’s Telegram account was hacked. The hackers then invited him to a Zoom call, where a deepfake video was used to increase credibility. 

JP then clicked on a link during the call, and said that he was not presented with any suspicious prompts or requests for credentials. 

JP believes that hackers then accessed his encrypted iCloud Keychain or a separate Chrome profile on his Mac.

“They had access to my encrypted entire iCloud + keychain,” JP wrote.

Since the wallet was compromised, there have been repeated on-chain messages to the exploiter.

“Bounty offer: Return $THOR for reward. Contact [email protected] or THORSwap discord for OTC deal. No legal action if returned within 72h,” the latest on-chain message to the hacker reads.

On-chain data shows that the hacker has been sending funds to the popular crypto mixing platform Tornado Cash. This is most likely an effort to obscure the destination of the stolen funds, enabling the exploiter to cash the crypto out and evade detection.

Exploiter is sending funds to Tornado Cash (Source: Etherscan)

In the last 9 hours, the hacker continued to send Ethereum (ETH) to the crypto mixer.

ZachXBT Says It’s Poetic That THORChain Co-Founder Was Scammed By North Korean Hackers

ZachXBT commented under PeckShieldAlert’s post, and jabbed at the fact that North Korean hackers were the ones who scammed JP after he benefited from one of their other hacks this year.

That follows a recent documentary regarding the $1.5 billion ByBit hack in February this year. North Korean hackers were also behind this attack, and used THORChain to swap the funds. The project was then criticized for not stepping in and blocking the hackers’ attempts to swap out the stolen funds. 

In a recent documentary about the hack and THORChain’s decision to not step in, JP said that the North Korean hackers “have the right to be sovereign” as well as the right to move crypto if they were able to “exploit security loopholes,” according to an X post by ZachXBT.

“JP is one of the people who has greatly benefited financially from the laundering of DPRK hacks/exploits,” ZachXBT wrote on X.

About Author

Steven Walgenbach
