THORChain has been called a money laundering protocol — a label no decentralized finance (DeFi) project wants unless it’s prepared to have regulators breathing down its neck.

Its supporters have fended off the criticism by championing decentralization, while its critics point to recent activities that showed some of the protocol’s centralized tendencies.

After exploiting Bybit for $1.4 billion, the North Korean state-backed hackers behind the attack, known as the Lazarus Group, flocked to THORChain, making it their top choice to convert stolen funds from Ether (ETH) to Bitcoin (BTC). Lazarus finished converting its Ether within just 10 days of the hack.

The controversy has triggered internal conflict, governance cracks and developer resignations, exposing a deeper issue and question: Can DeFi remain neutral when criminals exploit it at scale?

THORChain is not a mixer

THORChain is a decentralized swap protocol, so some say it’s unfair to call it a laundering machine, as the output is traceable. It’s not like a mixer, whose purpose is to conceal cryptocurrency fund trails — though the reasons for using mixers vary between users, with some simply wanting to preserve their privacy and others using them for illicit purposes.

Federico Paesano, investigations lead at Crystal Intelligence, argued in a LinkedIn post that it is misleading to state that the North Korean hackers “laundered” the Bybit hack proceeds.

“So far, there’s been no concealment, only conversion. The stolen ETH have been swapped for BTC using various providers, but every swap is fully traceable. This isn’t laundering; it’s just asset movement across blockchains.”

Hackers also moved funds through Uniswap and OKX DEX, yet THORChain has become the focal point of scrutiny due to the sheer volume of funds that passed through it. In a March 4 X post, Bybit CEO Ben Zhou said that 72% of the stolen funds (361,255 ETH) had flowed through THORChain, far surpassing activity on other DeFi services.

A truly decentralized platform’s strength lies in its neutrality and censorship-resistance, which are foundational to blockchain’s value proposition, according to Rachel Lin, CEO of decentralized exchange SynFutures.

“The line between decentralization and responsibility can evolve with technology,” Lin told Cointelegraph. “While human intervention contradicts decentralization’s ethos, protocol-level innovations could automate safeguards against illicit activity.”

Related: From Sony to Bybit: How Lazarus Group became crypto’s supervillain

THORChain collected at least $5 million in fees from these transactions, a windfall for a project already struggling with financial instability. This financial benefit has further fueled criticism, with some questioning whether THORChain’s reluctance to intervene was ideological or simply a matter of self-preservation.

Governance cracks show when decentralization becomes a shield

The controversy sparked a dilemma on whether THORChain should act. In an attempt to block the hackers, three validators voted to halt ETH trading, effectively closing off their swapping route. However, four validators quickly voted to overturn the decision.

This exposed a contradiction in THORChain’s governance model. The protocol claims to be absolutely decentralized, yet it had previously intervened to pause its lending feature due to insolvency risks (swaps still remained operational). 

Some crypto community members called out THORChain’s actions as selective decentralization, where governance intervention only occurs when it serves the protocol’s own interests.

The backlash was immediate. Pluto, a key THORChain developer, resigned. Another developer, TCB, who identified themselves as one of the three validators who voted to halt Ether trades, hinted at leaving unless governance issues were addressed. 

Meanwhile, blockchain investigator ZachXBT called out Asgardex, a THORChain-based decentralized exchange, for not returning fees earned from hackers, while other protocols reportedly refunded ill-gotten gains.

THORChain founder John-Paul Thorbjornsen responded by claiming that centralized exchanges pocket millions from facilitating illicit transactions unless pressured by authorities.

“This pisses me off. Do we get ETH and BTC nodes to give back their transaction fees? What about GETH or BTCCore devs – who write the software, funded by grants/donations?” asked Thorbjornsen.

THORChain’s growing regulatory risks, as previously demonstrated by privacy tools

For now, THORChain has avoided any direct enforcement actions from governments, but history suggests that DeFi protocols facilitating illicit finance may not escape scrutiny forever. Tornado Cash, a well-known crypto mixer, was sanctioned by the US Treasury in 2022 after being used to launder billions of dollars, though it was later overturned by a US court. Similarly, Railgun came under FBI scrutiny in 2023 after North Korean hackers used it to move $60 million in stolen Ether.

Related: Tornado Cash developer Alexey Pertsev leaves prison custody

Railgun presents a unique case, as it’s marketed as a privacy protocol rather than a mixer or a DEX. But the distinction still draws comparisons to THORChain, given that privacy protocols frequently face criticism for potentially enabling illicit activities.

“Critics often claim that privacy-focused projects enable crime, but in reality, protecting financial privacy is a fundamental right and a cornerstone of decentralized innovation,” Chen Feng, head of research at Autonomys and associate professor and research chair in blockchain at the University of British Columbia’s Okanagan Campus, told Cointelegraph.

“Technologies like ZK-proofs and trusted execution environments can secure user data without obscuring illicit activity entirely. Through optional transparency measures and robust onchain forensics, suspicious patterns can still be detected. The goal is to strike a balance: empower users with privacy while ensuring the system has built-in safeguards to discourage and trace illicit use.”

Lin of SynFutures said continued illicit use of decentralized protocols would “absolutely” lead to drastic measures from authorities.

“Governments will likely escalate measures if they perceive decentralized protocols as systemic risks. This could include sanctioning protocol addresses, pressuring infrastructure providers, blacklisting entire networks or going after the builders,” she said.

Rising pressure against THORChain

THORChain supporters argue it is being unfairly singled out, as hackers have also used other DeFi protocols. But regulators tend to focus on the biggest enablers, and THORChain processed the vast majority of the stolen funds from the Bybit hack. This makes it an easy target for enforcement actions ranging from Office of Foreign Assets Control (OFAC) sanctions to developer prosecutions.

“When the huge majority of your flows are stolen funds from north korea for the biggest money heist in human history, it will become a national security issue, this isn’t a game anymore,” TCB wrote on X.

“The threshold you want to be credibly decentralized you need a network of 1000+ unique validators. There is a reason why @Chainflip fixed this issue on the network level so quickly and all front end are applying censorship.”

If regulators decide to crack down, the consequences could be severe. Sanctions on THORChain’s validators, front-end service, and liquidity providers could cripple its ecosystem, while major exchanges might delist RUNE (RUNE), cutting off its access to liquidity. 

There is also the possibility of legal action against developers, as seen in the Tornado Cash case, or pressure to introduce compliance measures like sanctioned address filtering — something that would contradict THORChain’s decentralized ethos and alienate its core user base.

THORChain’s entanglement with North Korean hackers has put it at a crossroads. The protocol must decide whether to take action now or risk having regulators step in to make that decision for them.

For now, the protocol remains firm in its laissez-faire approach, but history suggests DeFi projects that ignore illicit activity don’t stay untouchable forever.

Magazine: THORChain founder and his plan to ‘vampire attack’ all of DeFi

US lawmakers are set for a heated debate on stablecoin regulation, with key industry leaders expected to outline their vision for the future of digital asset oversight.

Charles Cascarilla, co-founder and CEO of stablecoin issuer Paxos, is scheduled to testify before the House Financial Services Committee, where he will urge lawmakers to establish “cross-jurisdictional reciprocity” in stablecoin regulations.

In his prepared testimony, Cascarilla flagged concerns about the existing hurdles in the adoption of Paxos’ Global Dollar (USDG) stablecoin due to it being issued via a regulated affiliate in Singapore.

“We fear that products like Paxos’ Global Dollar (USDG) stablecoin, issued by a regulated affiliate in Singapore, will languish while departments and agencies make their determinations,” Cascarilla wrote in his speech.

US must act to prevent regulatory stablecoin arbitrage

Cascarilla recommended US lawmakers strengthen the current “international reciprocity language” to include clearly defined, accelerated timelines for the US Treasury Department to designate overseas jurisdictions for stablecoin regulation.

“This timeframe would force swift action and prevent bureaucratic delays while guaranteeing thorough scrutiny of foreign regulatory regimes,” the executive said.

Cascarilla emphasized that potential delays in applying such action would be a major hurdle in the adoption and distribution of stablecoins like USDG in the US as well as cross-border operations. 

“Reciprocity is not about lowering standards — it’s about raising them globally,” Cascarilla said, adding:

“By establishing a framework to recognize jurisdictions with comparable regulatory regimes — covering reserve requirements, AML measures and cybersecurity protocols — the United States can prevent regulatory arbitrage, where issuers exploit lax oversight abroad.”

Paxos stablecoins were deemed non-compliant in the EU

Cascarilla’s remarks come amid some Paxos-issued stablecoins facing compliance issues in the European Union following the enforcement of its crypto regulation framework, Markets in Crypto-Assets (MiCA).

Since the MiCA framework went into full force in December 2024, multiple crypto asset service providers in the EU — including Crypto.com and Coinbase — have announced the delistings of Paxos stablecoins, including Pax Dollar (PAX) and Pax Gold (PAXG).

While Paxos’ Cascarilla is now calling for the US to take urgent action in forcing a global framework for stablecoin issuers that are regulated outside of the US, some industry CEOs have urged all stablecoin firms to get regulated domestically instead.

In February, Circle co-founder Jeremy Allaire argued that all dollar-based stablecoin issuers should register in the US, citing consumer protection and fair competition in the crypto market. He stated:

“Whether you are an offshore company or based in Hong Kong, if you want to offer your US dollar stablecoin in the US, you should register in the US just like we have to go register everywhere else.”

Issued and regulated in the US, Circle’s USDC (USDC) stablecoin was officially approved as the first MiCA-compliant stablecoin in 2024.

Magazine: How crypto laws are changing across the world in 2025