- Bybit wants ParaSwap DAO to hand over $100,000 in fees North Korean hackers paid to use the protocol.
- Some ParaSwap DAO members argue doing so would hurt the protocol's decentralisation.
- Bybit was hit by North Korean hackers for $1.4 billion last month.
Last month, decentralised exchange aggregator ParaSwap received an unexpected windfall.
DeFi’s fifth-biggest aggregator processed several large token swaps totalling $195 million, doubling its typical daily transaction volume and earning $100,000 in fees in the process.
There was just one problem. The swaps were part of an effort by North Korean hackers to launder $1.4 billion of crypto stolen from Bybit.
Now, Bybit is asking ParaSwap DAO to return the $100,000 as part of its ongoing recovery efforts.
“While this was an automated process, it has inadvertently resulted in the DAO holding proceeds linked to a widely reported exploit,” Bybit said in its proposal posted on the ParaSwap governance forum. The forum is where ParaSwap’s decentralised autonomous organisation, the digital collective that governs it, debates proposals and makes decisions.
Although the amount of money is small compared to the total amount stolen, how the situation plays out could have a big impact on the Paraswap DAO and the broader DeFi sector.
None of the five delegates DL News spoke to said they planned to vote for ParaSwap DAO to keep the funds. But many DAO members posting on the ParaSwap governance forum argue the DAO shouldn’t comply with Bybit’s request.
They say doing so will compromise the protocol’s commitment to decentralisation.
“ParaSwap will damage its reputation if it agrees to return this fee to Bybit. The protocol has always been permissionless — there’s no in-between,” said one governance participant who goes by krinweb3.
ParaSwap’s dilemma is part of a larger set of issues surrounding the theft of $1.4 billion worth of crypto from Bybit by North Korean state-sponsored hackers the Lazarus Group.
In the days since, Lazarus used several DeFi protocols to launder the funds, forcing some to make changes to prevent Lazarus from using them that compromise their decentralisation.
While Bybit has clawed back small portions of the stolen funds, the vast majority haven’t been recovered.
‘Moral decision’
DAOs, or decentralised autonomous organisations, are a form of governance popular with DeFi protocols. There’s usually no corporate structure, and decisions are made by voting among the protocol’s token holders.
It’s not the first time ParaSwap DAO has had to deliberate on what to do with fees earned on illicit transactions.
In 2023, the DAO debated a proposal to return swap fees earned when a hacker used ParaSwap to launder tokens stolen from a crypto casino.
This time, many delegates — DAO’s leaders who other members trust to vote on their behalf — say they will vote to return the swap fees.
“ParaSwap DAO does not want to benefit from the stolen funds,” Citizen42, a pseudonymous ParaSwap delegate, told DL News. “This is a moral decision linked to the ethos of good collaborations among all in web 3.”
“We lean on voting to return the funds as an act of solidarity for the industry,” another delegate who declined to be named, told DL News. “Some are concerned about the precedent it might set, which I think is a fair point, but hopefully we have fewer and fewer of these events in the future.”
Other delegates, such as DAO service provider Curia Lab, say they’re still on the fence about which way to vote.
“We’re carefully weighing factors such as legal compliance, community values, and the broader impact on the ParaSwap ecosystem,” a spokesperson for Curia told DL News. “It’s crucial that any decision aligns with our regulatory obligations — if applicable — and the long-term interests of our community.”
Legal trouble
Keeping the funds, however, could land the DAO in legal trouble.
“They face potential allegations under money laundering or aiding/abetting theories and an even greater likelihood of being liable to Bybit under conversion or a similar theory,” Gabriel Shapiro, a lawyer who specialises in DeFi legal issues, told DL News.
“Even if Paraswap DAO or its participants are not directly liable, the tokens themselves could easily be subject to forfeiture,” Shapiro said.
It’s not just ParaSwap that has profited from Lazarus’ laundering activities.
Thorchain, a protocol that lets users swap funds between incompatible blockchains, is popular with Lazarus because it helps them obfuscate the source of the stolen funds and lets them swap assets into Bitcoin, which is easier for the hermit kingdom to launder.
Lazarus-linked wallets have used Thorchain to swap $812 million worth of tokens since the Bybit hack, paying thousands of dollars in fees to Thorchain in the process.
Bybit hasn’t indicated if it will also pursue the Thorchain swap fees. But if it does, it will have a much harder time attempting to claw them back.
That’s because, on Thorchain, the fees get automatically sent to the hundreds of liquidity providers on the network. Liquidity providers are users who contribute their crypto assets to a decentralised exchange to enable the trading of different tokens.
ParaSwap, on the other hand, sends swap fees to its DAO treasury, where holders of ParaSwap’s PSP governance token can decide what they are used for.
Reputational damage
Some ParaSwap DAO members argue that returning the swap fees to Bybit could damage the protocol’s reputation.
DeFi protocols strive to be completely permissionless and decentralised, distinguishing themselves from the traditional permissioned financial infrastructure. The hard-coded rules of DeFi protocols mean that they don’t discriminate against who can use them — even if it’s bad actors like Lazarus.
“Returning those funds would set a dangerous precedent and will open the door to every single person who had their funds stolen in the past that went through ParaSwap,” one governance participant who goes by aypierre said.
“It doesn’t make any sense,” said another participant who goes by enerow. “It’s not Bybit’s funds, it is revenue for a service delivered from a trustless protocol and executed on a decentralised blockchain.”
Discussion on the ParaSwap governance forum is ongoing. A date for a formal vote on what to do with the swap fees has yet to be set.
Tim Craig is DL News’ Edinburgh-based DeFi Correspondent. Reach out with tips at tim@dlnews.com.
Correction, March 5: A previous version of this article said the ParaSwap DAO voted against a proposal to return swap fees to a crypto casino. The proposal never went to a vote.