Deepfake case study · Multi-modal

Thorchain "exploit" timeline

In September 2025, Thorchain co-founder JP was targeted in a Telegram deepfake attack leading to the loss of $1.35 million.

Incident date: Sep 2025
Target: JP (Thorchain co-founder)

Updated May 16, 2026 · 1 min read

In September 2025, a social engineering attack targeted Thorchain's co-founder, resulting in significant financial loss. The attack leveraged a deepfake on Telegram to extract sensitive information.

What happened

A DPRK-linked actor used a Telegram deepfake of Thorchain co-founder JP. The attacker successfully extracted JP's MetaMask keys from his iCloud Keychain. This led to the loss of $1.35 million. This was one of six distinct attack vectors experienced by Thorchain over five years, including smart contract exploits, validator software bugs, TSS keygen vulnerabilities, economic design failures, and TSS cryptography flaws, resulting in ~$227M directly lost or trapped.

Sources

r/CryptoCurrency via cryptotimes.io — Thorchain "exploit" timeline