THORChain Co-Founder JP Loses $1.35M to North Korean Phishing Attack

- THORChain co-founder JP lost $1.35M in a phishing attack linked to North Korean hackers.
- The attack used a hacked Telegram account, a deepfake video, and potentially a zero-day exploit.
- JP’s loss highlights the growing security risks within decentralized finance platforms.
THORChain co-founder JP lost $1.35 million from his personal wallet in a phishing attack linked to North Korean hackers. The attack used a friend's hacked Telegram account, a deepfake Zoom call, and possibly a zero-day exploit. The incident carries a stark irony: THORChain’s protocols had previously been linked to North Korean money laundering, and now its co-founder has become a direct target of the same hackers. Blockchain investigator ZachXBT subsequently validated this wallet drain.
Forgotten MetaMask Wallet Results in $1.35M Loss for JP
JP said the stolen funds were connected to an old, forgotten MetaMask wallet. This wallet held staked assets that were not displayed on Etherscan, so the funds went unaccounted for. He explained how the wallet had been left behind and described how the attack occurred.
JP speculated that the attackers might have stolen his iCloud Keychain or a Chrome profile on his Mac, where his MetaMask keys were saved. Although he saw no suspicious password requests, he believes a zero-day vulnerability was involved. The event brings the complexity of crypto-related cyberattacks into focus. It demonstrates how hackers take advantage of unrecognized vulnerabilities to empty wallets.
THORChain’s protocols were previously linked to laundering illicit funds, some from North Korean cyber actors. ZachXBT pointed out that the co-founders had indirectly benefited from these illicit flows. Now, JP, a key figure behind THORChain, has been directly targeted by the same hackers. This situation exposes the paradox at the heart of decentralized finance.
Decentralized networks such as THORChain are challenged to keep their users safe. When even a co-founder becomes a victim of hackers, it raises questions about the reliability of such platforms. While these projects are built on decentralization, they must also uphold strong security standards to maintain trust.
JP Offers Bounty for Stolen Funds, Highlights Crypto Security Risks
In an attempt to retrieve the stolen funds, JP sent a message to the hacker's wallet promising a bounty if the stolen THOR tokens were returned. He said he would not sue the hacker as long as this was done within 72 hours. This is indicative of the growing struggle in the crypto scene to recover stolen funds.

JP also shared security lessons from his attack. He advised against storing private keys on cloud services like iCloud or Google Drive. He recommended using two-factor authentication on a separate device, such as a burner phone, to reduce exposure. JP also pointed to threshold signature wallets. These wallets divide key shares across multiple devices for better security.
Malware scams on platforms like Telegram have surged. Scam Sniffer reported a 2,000% increase in such incidents since late 2024. These statistics show the growing risks crypto users face.
JP’s experience serves as a reminder of crypto’s vulnerabilities. While decentralized protocols offer freedom, they also expose users to risks. As the industry grows, stronger safeguards and clearer accountability are needed. These measures would help protect both users and leaders from future attacks.