- THORSwap offers bounty for return of stolen funds from founder’s wallet.
- Hacker exploited THORChain founder’s wallet, stealing over $1.3 million.
- THORSwap’s bounty extends hope for recovering stolen assets from attack.
THORSwap, the decentralized exchange aggregator for THORChain, has been sending a series of bounty offers to the hacker responsible for exploiting a personal wallet. The victim of the breach is suspected to be THORChain’s founder, John-Paul Thorbjornsen. The most recent on-chain messages indicated that THORSwap made several outreach attempts to send it back with proposals not to prosecute it, provided it returned the stolen funds within the next 72 hours. Based on the messages, the hacker can reach out to THORSwap either through the official Discord or through email to establish a deal.
First, blockchain security company PeckShield had sounded an alarm that implied that the THORChain protocol itself was exploited to the tune of approximately $1.2 million. However, when the THORChain team clarified on this, it was confirmed that this was not the case. Instead, it was the personal wallet of a person who was attacked, and not the protocol. The CEO of THORSwap (who goes by the pseudonym Paper X) also confirmed that the bounty rewards were due to the recovery of the stolen funds only and that there was no exploitation of the protocol or THORSwap itself.
Also Read: Global Asset Rally Expected to Extend into 2026, According to Arthur Hayes
The Attack: A Disturbing Reality for THORChain’s Founder
It is believed that the wallet exploited in the attack belonged to John-Paul Thorbjornsen. The hack is reported to have happened after Thorbjornsen was hacked through his MetaMask wallet, presumably in a phishing attack where a fake Zoom meeting invitation was sent to him via a stolen Telegram account belonging to one of his friends. Thorbjornsen revealed that the attackers could have accessed his iCloud Keychain or Chrome profile to take the money, yet the wallet was logged out and could have been assumed to be secure.
The stolen funds amount to a total of approximately $1.35 million, including $1.03 million in Kyber Network tokens and $320,000 in THORSwap tokens. The assets were forwarded to a given address, known as “Exploiter 6,” similar to the address in the on-chain bounty offers. Today, it is suspected that these stolen funds were exchanged for ETH and stored at an address that starts with a 0x7Ab, and this was confirmed by on-chain investigator ZachXBT.
A Call for Action: Bounty Offers Continue
As the incident unfolds, THORSwap has continued to extend the bounty offer in hopes of recovering the stolen funds. The current attempts accentuate the intention of the community to settle the issue outside the legal framework, which is an uncommon solution to cases of crimes associated with blockchain. Although Thorbjornsen is convinced of the superior protection always provided by threshold signature wallets, systems that divide key shares among different devices, this attack has made him doubtful. Serves as a stark reminder of the potential vulnerabilities in even the most trusted crypto environments.
Also Read: XRPL TVL Surges Beyond $100 Million Amid Corporate Adoption
