THORChain and Vultisig Wallet Under Scrutiny Amid North Korea Crypto Laundering

Former Australian Air Force pilot John-Paul Thorbjornsen, also known as JP Thor, has been promoting his new crypto wallet, Vultisig, which runs on THORChain — a decentralized network he founded to enable cross-chain swaps without intermediaries. Marketed as more secure than other wallets, Vultisig has recently seen a spike in usage alongside THORChain. However, blockchain security researchers link this surge to North Korea’s Lazarus Group.

Following the record $1.4 billion hack of Bybit in February, investigators found that over $1.2 billion in stolen ETH was laundered through THORChain. Despite FBI warnings and global efforts to freeze illicit funds, THORChain's operators and wallet apps like Vultisig and Asgardex have refused to block suspicious transactions. The protocol even briefly paused Ethereum swaps but reversed the move after community backlash.

Experts estimate THORChain validators and wallet developers earned over $12 million in fees tied to the hack. Critics argue THORChain isn't truly decentralized, citing previous incidents where a single keyholder paused the network, raising concerns over its governance.

Vultisig, which Thorbjornsen actively promotes, reportedly generated $200,000 in revenue — much of it allegedly linked to the Bybit heist. The wallet's token, VULT, will launch on April 16, with free distribution to top users. While Thorbjornsen claims no current operational ties to THORChain, his public association continues to draw scrutiny.

As U.S. regulators weigh actions similar to those taken against Tornado Cash, the debate intensifies over the responsibility of decentralized platforms in combating crypto-related crime — especially when linked to nation-state actors like North Korea. The line between decentralization and accountability continues to blur.