THORChain has been called a money laundering protocol

Its supporters have fended off the criticism by championing decentralization, while its critics point to recent activities that showed some of the protocol's centralized tendencies.

"If they can't use BTC to withdraw, maybe they'll go for ADA or SOL after exhausting ETH andリティリティcoins. Interesting to see how it plays out. Thoughts?" one X user asked.

After exploiting cryptocurrency exchange Bybit for $1.4 billion in March, North Korean state-backed hackers, known as the Lazarus Group, have been busy converting the stolen Ether (ETH) to Bitcoin (BTC) via decentralized finance (DeFi) protocols.

Out of the seven protocols that Lazarus used to convert its ETH to BTC, focusing mainly on decentralized swap protocols, THORChain was their top choice, according to blockchain analytics firm Chainalysis.

The hackers began finishing up their Ether conversion by mid-April, just 10 days after the Bybit hack was announced. They had also used protocols like Uniswap and moved some funds to Bitcoin on OKX DEX.

But it was the activity on THORChain that drew the most attention due to the sheer volume of funds passing through it.

Out of the $1.4 billion in crypto that Bybit reported being stolen, about $1 billion in Ether was traced to batches of transactions passing through a single liquidity pool on THORChain, according to Coldfire's analysis on Dune Analytics.

"We're tracking a large portion of the stolen funds moving through a single liquidity pool on THORChain," Coldfire said. "At least $994 million in Ether is being swapped for Bitcoin on the protocol."

The role of privacy protocols in crypto crime is a hot topic

The lively discussion on X also touched upon the role of privacy protocols in crypto crime. One user pointed out that a privacy protocol called Railgun was used by the North Korean hackers to move $60 million in stolen Ether, which was later covered by the FBI.

"Interesting tidbit: The FBI is now actively investigating batches of transactions linked to the Lazarus Group, focusing on a privacy protocol called Railgun," the user said.

"The hackers exploited several protocols to convert the stolen Ether to Bitcoin, but they used batches of transactions on Railgun to move around $60 million in stolen Ether."

However, another user pointed out that comparing the magnitudes of the transactions, the volumes passing through THORChain were far greater than those on Railgun.

"It seems like the magnitudes of the transactions are quite different. The volumes passing through THORChain are huge compared to batches of transactions on Railgun," the X user said.

"It's no surprise that the FBI is covering the smaller transactions on batches of transactions."

The lively discussion highlights the ongoing debate about the role of privacy protocols and the challenges faced by decentralized protocols when dealing with large-scale criminal activity in the cryptocurrency space.