TL;DR
- THORSwap has launched a bounty to recover over $1.2 million stolen from a personal wallet, likely belonging to THORChain founder John-Paul Thorbjornsen.
- The exploit involved a sophisticated phishing attack through a hacked Telegram account.
- PeckShield initially misreported the loss as a protocol hack, but THORSwap clarified it was a personal wallet incident.
THORSwap, the decentralized exchange aggregator tied to THORChain, has announced a bounty to recover funds following a high-profile wallet exploit worth approximately $1.2 million. The incident, according to onchain analysts, targeted what is believed to be THORChain founder John-Paul Thorbjornsenās personal wallet. The exploit has raised questions about the safety of personal crypto wallets and reinforced discussions about best security practices.
Bounty Offers Aim To Recover Stolen Assets
Over the past few days, THORSwap has repeatedly reached out to the exploiter with an offer to return the stolen assets in exchange for a reward. Messages posted onchain instructed the hacker to contact THORSwap via their official Discord or OTC channels, assuring that no legal action would be pursued if the funds were returned within 72 hours.
PeckShield flagged the bounty messages on X, initially implying the protocol itself had been hacked, though THORSwap later confirmed it was strictly a personal wallet incident, not a vulnerability in THORChain or THORSwap. Analysts note this approach could set a precedent for how other platforms handle personal wallet exploits.
Founderās Wallet Likely Target Of North Korean Hackers
Security sleuth ZachXBT reported that the wallet belongs to Thorbjornsen, who confirmed that attackers gained access through a compromised Telegram account from a friend, which contained a fake Zoom link. The exploit drained a MetaMask wallet, which Thorbjornsen had secured in another logged-out Chrome profile with the key in iCloud Keychain. The attackers appear to have leveraged a zero-day exploit to bypass these protections, underscoring the risk even for well-protected personal wallets.
The stolen assets include roughly $1.03 million in Kyber Network tokens and $320,000 in THORSwap tokens. Onchain analysis indicates the majority of these funds have been moved to a single address and partially converted into Ethereum. THORSwapās CEO, Paper X, confirmed that the protocol remains secure and emphasized the bounty as a measure to incentivize the safe return of funds.
The incident highlights the evolving tactics of sophisticated attackers targeting high-profile crypto figures and demonstrates THORSwapās proactive approach in attempting to recover stolen funds without legal escalation. Experts suggest such bounties could help foster more responsible recovery methods across the crypto industry.
