Dr. Rasit Tavus, founder and CEO of LegalBlock argues the legal status of Lazarus swap transactions falls into two categories: decentralised finance (DeFi) transactions and centralised service transactions.
Centralised services and liability
It is simpler to assess centralised services first, including cryptocurrency exchanges and mixing services. Any entity with a central authority must comply with international anti-money laundering (AML) treaties, requiring robust AML protections to prevent stolen assets — such as those from Bybit — from entering their platforms.
Failure to implement effective AML measures constitutes negligence and legal liability. Given that Lazarus exploited these services due to inadequate safeguards, all fees associated with deposits, swaps, or withdrawals should be returned to the victim.
Centralised blockchain services operate globally but must comply with US regulations to remain within the USD-pegged blockchain ecosystem.
For instance, Binance and former CEO Changpeng Zhao returned illicit swap fees to the US Treasury as part of a plea agreement with the Department of Justice. This precedent suggests that in future cases, centralised services should return all swap fees to either Bybit or the US authorities.
DeFi platforms and legal responsibility
Decentralised mixers, bridges, and swap exchanges differ significantly from centralised entities. Their immutable and censorship-resistant nature means they cannot be negligent in the traditional sense.
As long as transaction outcomes remain visible and do not obstruct stolen asset recovery, these platforms do not bear direct legal responsibility.
However, the question of whether they should return swap fees is more complex.
In Dr. Tavus’ Ph.D. thesis, it been argued the concept of limited responsibility for validators, nodes, and miners. As long as a DeFi platform operates within its design, it holds no legal responsibility for transactions.
That said, these platforms engage in professional business activities and profit from them. If an illicit transaction occurs, demanding that stakers or liquidity providers return funds sets a problematic precedent, as there is no clear standard for distinguishing liability in such scenarios.
When DeFi platforms should act
While DeFi platforms may not be legally liable, they should not profit from sustained illicit activity. If a protocol repeatedly facilitates illicit transactions without intervention, scrutiny is warranted.
In the Bybit case, ThorChain accumulated several million dollars in swap fees from illicit transactions over multiple days without any remedial action. At this point, returning these fees is the appropriate course of action.
Validators, who uphold the network’s integrity, should not benefit from illicit transactions. If they unexpectedly earn high margins from such activity, accusations of gross negligence for profit may arise.
This presents a dilemma: are they passively profiting from illicit transactions, or are they upholding a censorship-resistant system?