THORChain Co-Founder Loses $1.3M in North Korean Deepfake Zoom Hack

12.09.2025 16:12

John-Paul Thorbjornsen, co-founder of cross-chain protocol THORChain, confirmed he lost approximately $1.3 million in a sophisticated North Korean hacking attack that occurred via a deepfake Zoom call. The incident took place several days ago but was publicly acknowledged on September 12, 2025.

The attack began when hackers compromised a friend's Telegram account to lure Thorbjornsen into joining a call via an official Zoom link. During the two-minute call, he saw a convincing deepfake video of his friend but heard no audio. Without his knowledge, this triggered a malicious script that copied his iCloud documents folder to a temporary directory, allowing access to sensitive data without raising immediate alarms.

Thorbjornsen explained that the attackers accessed an old MetaMask wallet linked to an inactive Chrome user profile, whose private keys were stored in his iCloud Keychain. His multisig Vultisig wallets remained untouched. He believes the hackers exploited a zero-day vulnerability to penetrate his system without requiring admin access or triggering warnings.

THORChain was quick to clarify that company funds were completely secure and unaffected by the incident. In recovery efforts, THORSwap has offered a bounty for the return of the stolen assets, with a blockchain message promising no legal action if funds are returned within 72 hours.

The incident drew ironic commentary from blockchain investigator ZachXBT, who noted that THORChain had previously processed $5-10 million in fees from laundering funds from North Korea's $1.5 billion Bybit hack, the DPRK's most successful crypto heist. Thorbjornsen had previously defended North Korea's right to conduct such operations, stating in an interview: "[North Korea] has the right to be sovereign. If they exploit security loopholes... that is their effort. They're not inherently doing anything wrong in my opinion."

This attack is part of a broader trend where North Korean-linked groups have stolen over $2 billion in 2025 alone, using increasingly sophisticated methods including deepfakes, social engineering, and advanced malware targeting crypto executives.