Get ONMINE

Stay Ahead, Stay ONMINE

Welcome to the dark side of crypto’s permissionless dream

“We’re out of airspace now. We can do whatever we want,” Jean-Paul Thorbjornsen tells me from the pilot’s seat of his Aston Martin helicopter. As we fly over suburbs outside Melbourne, Australia, it’s becoming clear that doing whatever he wants is Thorbjornsen’s MO.  Upper-middle-class homes give way to vineyards, and Thorbjornsen points out our landing spot outside a winery. People visiting for lunch walk outside. “They’re going to ask for a shot now,” he says, used to the attention drawn by his luxury helicopter, emblazoned with the tail letters “BTC” for bitcoin (the price tag of $5 million in Australian dollars—$3.5 million in US dollars today—was perhaps reasonable for someone who claims a previous crypto project made more than AU$400 million, although he also says those funds were tied up in the company).  Thorbjornsen is a founder of THORChain, a blockchain through which users can swap one cryptocurrency for another and earn fees from making those swaps. THORChain is permissionless, so anyone can use it without getting prior approval from a centralized authority. As a decentralized network, the blockchain is built and run by operators located across the globe, most of whom use pseudonyms.  During its early days, Thorbjornsen himself hid behind the pseudonym “leena” and used an AI-generated female image as his avatar. But around March 2024, he revealed that he, an Australian man in his mid-30s, with a rural Catholic upbringing, was the mind behind the blockchain. More or less.  If there is a central question around THORChain, it is this: Exactly who is responsible for its operations? Blockchains as decentralized as THORChain are supposed to offer systems that operate outside the centralized leadership of corruptible governments and financial institutions. If a few people have outsize sway over this decentralized network—one of a handful that operate at such a large scale—it’s one more blemish on the legacy of bitcoin’s promise, which has already been tarnished by capitalistic political frenzy.    Who’s responsible for THORChain matters because in January last year, its users lost more than $200 million worth of their cryptocurrency in US dollars after THORChain transactions and accounts were frozen by a singular admin override, which users believed was not supposed to be possible given the decentralized structure. When the freeze was lifted, some users raced to pull their money out. The following month, a team of North Korean hackers known as the Lazarus Group used THORChain to move roughly $1.2 billion of stolen ethereum taken in the infamous hack of the Dubai-based crypto exchange Bybit.  Thorbjornsen explains away THORChain’s inability to stop the movement of stolen funds, or prevent a bank run, as a function of its decentralized and permissionless nature. The lack of executive powers means that anyone can use the network for any reason, and arguably there’s no one to hold accountable when even the worst goes down. But when the worst did go down, nearly everyone in the THORChain community, and those paying attention to it in channels like X, pointed their fingers at Thorbjornsen. A lawsuit filed by the THORChain creditors who lost millions in January 2025 names him. A former FBI analyst and North Korea specialist, reflecting on the potential repercussions for helping move stolen funds, told me he wouldn’t want to be in Thorbjornsen’s shoes. THORChain was designed to make decisions based on votes by node operators, where two-thirds majority rules. That’s why I traveled to Australia—to see if I could get a handle on where he sees himself and his role in relation to the network he says he founded. According to Thorbjornsen, he should not be held responsible for either event. THORChain was designed to make decisions based on votes by node operators—people with the computer power, and crypto stake, to run a cluster of servers that process the network’s transactions. In those votes, a two-thirds majority rules. Then there’s the permissionless part. Anyone can use THORChain to make swaps, which is why it’s been a popular way for widely sanctioned entities such as the government of North Korea to move stolen money. This principle goes back to the cypherpunk roots of bitcoin, a currency that operates outside of nation-states’ rules. THORChain is designed to avoid geopolitical entanglements; that’s what its users like about it. But there are distinct financial motivations for moving crypto, stolen or not: Node operators earn fees from the funds running through the network. In theory, this incentivizes them to act in the network’s best interests—and, arguably, Thorbjornsen’s interests too, as many assume his wealth is tied to the network’s profits. (Thorbjornsen says it is not, and that it comes instead from “many sources,” including “buying bitcoin back in 2013.”) Now recent events have raised critical questions, not just about Thorbjornsen’s outsize role in THORChain’s operations, but also about the blockchain’s underlying nature. If THORChain is decentralized, how was a single operator able to freeze its funds a month before the Bybit hack? Could someone have unilaterally decided to stop the stolen Bybit funds from coming through the network, and chosen not to?  Thorbjornsen insists THORChain is helping realize bitcoin’s original purpose of enabling anyone to transact freely outside the reach of purportedly corrupt governments. Yet the network’s problems suggest that an alternative financial system might not be much better. Decentralized?  On February 21, 2025, Bybit CEO Ben Zhou got an alarming call from the company’s chief financial officer. About $1.5 billion US of the exchange’s ethereum token, ETH, had been stolen.  The FBI attributed the theft to the Lazarus Group. Typically, criminals will want to convert ETH to bitcoin, which is much easier to convert in turn to cash. Knowing this, the FBI issued a public service announcement on February 26 to “exchanges, bridges … and other virtual asset service providers,” encouraging them to block transactions from accounts related to the hack.  Someone posted that announcement in THORChain’s private, invite-only developer channel on Discord, a chat app used widely by software engineers and gamers. While other crypto exchanges and bridges (which facilitate transactions across different blockchains) heeded the warning, THORChain’s node operators, developers, and invested insiders debated about whether or not to close the trading gates, a decision requiring a majority vote. “Civil war is a very strong term, but there was a strong rift in the community,” says Boone Wheeler, a US-based crypto enthusiast. In 2021, Wheeler purchased some rune, THORChain’s Norse-mythology-themed native token, and he has been paid to write articles about the network to help advertise it. The rift formed “between people who wanted to stay permissionless,” he says, “and others who wanted to blacklist the funds.” Wheeler, who says he doesn’t run a node or code for THORChain, fell on the side of remaining permissionless. However, others spoke up for blocking the transfers. THORChain, they argued, wasn’t decentralized enough to keep those running the network safe from law enforcement—especially when those operators were identifiable by their IP addresses, some based in the US. “We are not the morality police,” someone with the username @Swing_Pop wrote on February 27 in the developer Discord. THORChain’s design includes up to 120 nodes whose operators manage transactions on the network through a voting process. Anyone with hosting hardware can become an operator by funding nodes with rune as collateral, which provides the network with liquidity. Nodes can respond to a transaction by validating it or doing nothing. While individual transactions can’t be blocked, trading can be halted by a two-thirds majority vote.  A team of North Korean hackers used THORChain to move roughly $1.2 billion of ethereum stolen from the crypto exchange Bybit. Nodes are also penalized for not participating in voting, which the system labels as “bad behavior.” Every 2.5 days, THORChain automatically “churns” nodes out to ensure that no one node gains too much control. The nodes that chose not to validate transactions from the Bybit hack were automatically “churned” out of the system. Thorbjornsen says about 20 or 30 nodes were booted from the network in this way. (Node operators can run multiple nodes, and 120 are rarely running simultaneously; at the time of writing, 55 unique IDs operated 103 nodes.) By February 27, some node operators were prepared to leave the network altogether. “It’s personally getting beyond my risk tolerance,” wrote @Runetard in the dev Discord. “Sorry to those of the community that feel otherwise. There are a bunch of us holding all the risk and some are getting ready to walk away.” According to one estimate, THORChain earned between $5 million and $10 million from the heist. Even so, the financial incentive for the network operators who remained was significant. As one member of the dev Discord put it earlier that day, $3 million had been “extracted as commission” from the theft by those operating THORChain. “This is wrong!” they wrote. Thorbjornsen weighed in on this back-and-forth, during which nodes paused and unpaused the network. He now says there was a right and wrong way for node operators to have behaved. “The correct way of doing things,” he says, was for node operators who opposed processing stolen funds to “go offline and … get [themselves] kicked out” rather than try to police who could use THORChain. He also says that while operators could discuss stopping transactions, “there was simply no design in the code that allowed [them] to do that.” However, a since-deleted post from his personal X account on March 3, 2025, stated: “I pushed for all my nodes to unhalt trading [keep trading]. Threatened to yank bond if they didn’t comply. Every single one.” (Thorbjornsen says his social media team ran this account in 2025.)  In an Australian 7 News Spotlight documentary last June, Thorbjornsen estimated that THORChain earned between $5 million and $10 million from the heist. When asked in that same documentary if he received any of those fees, he replied, “Not directly.” When we spoke, I asked him to elaborate. He said he’s “not a recipient” of any funds THORChain sets aside for developers or marketers, nor does he operate any nodes. He was merely speaking generally, he told me: “All crypto holders profit indirectly off economic activity on any chain.” KAGAN MCLEOD Most important to Thorbjornsen was that, despite “huge pressure to shut the protocol down and stop servicing these swaps,” THORChain chugged along. He also notes that the hackers’ tactics, moving fast and splitting funds across multiple addresses, made it difficult to identify “bad swaps.” Blockchain experts like Nick Carlsen, a former FBI analyst at the blockchain intelligence company TRM Labs, don’t buy this assessment. Other services similar to THORChain were identifying and rejecting these transactions. Had THORChain done the same, Carlsen adds, the stolen funds could have been contained on the Ethereum network, which “would have basically denied North Korea the ability to kick off this laundering process.”  And while THORChain touts its decentralization, in “practical applications” like the Lazarus Group’s theft, “most de-fi [decentralized finance] protocols are centralized,” says Daren Firestone, an attorney who represents crypto industry whistleblowers, citing a 2023 US Treasury Department risk assessment on illicit finance.  With centralization comes culpability, and in these cases, Firestone adds, that comes down to “who profits from [the protocol], so who creates it? But most importantly, who controls it?” Is there someone who can “hit an emergency off switch? … Direct nodes?” Many answer these questions with Thorbjornsen’s name. “Everyone likes to pass the blame,” he says, even though he wasn’t alone in building THORChain. “​​In the end, it all comes back to me anyway.” THORChain origins According to Thorbjornsen, his story goes like this. The third of 10 homeschooled children in a “traditional” Catholic household in rural Australia, he spent his days learning math, reading, writing, and studying the Bible. As he got older, he was also responsible for instructing his younger siblings. Wednesday was his day to move the solar panels that powered their home. His parents “installed” a mango and citrus orchard, more to keep nine boys busy than to reap the produce, he says. “We lived close to a local airfield,” Thorbjornsen says, “and I was always mesmerized by these planes.” He joined the Australian air force and studied engineering, but he says the military left him feeling like “a square peg in a round hole.” He adds that doing things his own way got him frequently “pulled aside” by superiors. “That’s when I started looking elsewhere,” he says, and in 2013, he found bitcoin. It appealed because it existed “outside the system.” During the 2017 crypto bull run, Thorbjornsen raised AU$12 million in an initial coin offering for CanYa, a decentralized marketplace he cofounded. CanYa ultimately “died” in 2018, and Thorbjornsen pivoted to a “decentralized liquidity” project that would become THORChain. He worked with a couple of different developer teams, and then, in 2019, he clicked with an American developer, Chad Barraford, at a hackathon in Germany. Barraford (who declined to be interviewed for this story) was an early public face of THORChain.  Around this time, Thorbjornsen says, “a couple of us helped manage the payroll and early investment funds.” In a 2020 interview, Kai Ansaari, identified as a THORChain “project lead,” wrote, “We’re all contributors … There’s no real ‘lead,’ ‘CEO,’ ‘founder,’ etc.” In interviews conducted since he came out from behind the “leena” account in 2024, Thorbjornsen has positioned himself as a key lead. He now says his plan had always been to hand over the account, along with command powers and control of THORChain social media accounts, once the blockchain had matured enough to realize its promise of decentralization. In 2021, he says, he started this process, first by ceasing to use his own rune to back node operators who didn’t have enough to supply their own funding (this can be a way to influence node votes without operating a node yourself). That year, the protocol suffered multiple hacks that resulted in millions of dollars in losses. Nine Realms, a US-incorporated coding company, was brought on to take over THORChain’s development. Thorbjornsen says he passed “leena” over to “other community members” and “left crypto” in 2021, selling “a bunch of bitcoin” and buying the helicopter.  Despite this crypto departure, he came back onto the scene with gusto in 2024 when he revealed himself as the operator of the “leena” account. “​​For many years, I stayed private because I didn’t want the attention,” he says now.  By early 2024 Thorbjornsen considered the network to be sufficiently decentralized and began advertising it publicly. He started regularly posting videos on his TikTok and YouTube channels (“Two sick videos every week,” in the words of one caption) that showed him piloting his helicopter wearing shirts that read “Thor.” By November 2024, Thorbjornsen, who describes himself as “a bit flamboyant,” was calling himself THORChain’s CEO (“chief energy officer”) and the “master of the memes” in a video from Binance Blockchain Week, an industry conference in Dubai. You need “strong memetic energy,” he says in the video, “to create the community, to create the cult.” Cults imply centralized leadership, and since outing himself as “leena,” Thorbjornsen has publicly appeared to helm the project, with one interviewer deeming him the “THORChain Satoshi” (an allusion to the pseudonymous creator of bitcoin).  One consequence of going public as a face of the protocol: He’s received death threats. “I stirred it up. Do I regret it? Who knows?” he said when we met in Australia. “It’s caused a lot of chaos.”  But, he added, “this is the bed that I’ve laid.” When we spoke again, months later, he backtracked, saying he “got sucked into” defending THORChain in 2024 and 2025 because he was involved from 2018 to 2021 and has “a perspective on how the protocol operates.” Centralized?  Ryan Treat, a retired US Army veteran, woke up one morning in January 2025 to some disturbing activity on X. “My heart sank,” he says. THORFi, the THORChain program he’d used to earn interest on the bitcoin he’d planned to save for his retirement, had frozen all accounts—but that didn’t make sense. THORFi featured a lending and saving program said to give users “complete control” and self-custody of their crypto, meaning they could withdraw it at any time.  Treat was no crypto amateur. He bought his first bitcoin at around “$5 apiece,” he says, and had always kept it off centralized exchanges that would maintain custody of his wallets. He liked THORChain because it claimed to be decentralized and permissionless. “I got into bitcoin because I wanted to have government-less money,” he says.  We were told it was decentralized. Then you wake up one morning and read this guy had an admin mimir. Many who’d used THORFi lending and saving programs felt similarly. Users I interviewed differentiated THORChain from centralized lending platforms like BlockFi and Celsius, both of which offered extraordinarily high yields before filing for bankruptcy in 2022. “I viewed THORChain as a decentralized system where it was safer,” says Halsey Richartz, a Florida-based THORFi creditor, with “vanilla, 1% passive yield.” Indeed, users I spoke with hadn’t felt the need to monitor their THORFi deposits. “Only your key can be used to withdraw your funds,” the product’s marketing materials insisted. “Savers can withdraw their position to native assets at any time.” So on January 9, when the “leena” account announced that an admin key had been used to pause withdrawals, it took THORFi users by surprise—and seemed to contradict the marketing messaging around decentralization. “We were told that it was decentralized, and you wake up one morning and read an article that says ‘This guy, JP, had an admin mimir,’” says Treat, referring to Thorbjornsen, “and I’m like, ‘What the fuck is an admin mimir?’” The admin mimir was one of “a bunch of hard-coded admin keys built into the base code of the system,” says Jonathan Reiter, CEO of the blockchain intelligence company ChainArgos. Those with access to the keys had the ability to make executive decisions on the blockchain—a function many THORChain users didn’t realize could supersede the more democratic decisions made by node votes. These keys had been in THORChain’s code for years and “let you control just about anything,” Reiter adds, including the decision to pause the network during the hacks in 2021 that resulted in a loss of more than $16 million in assets.  Thorbjornsen says that one key was given to Nine Realms, while another was “shared around the original team.” He told me at least three people had them, adding, “I can neither confirm nor deny having access to that mimir key, because there’s no on-chain registry of the keys.” Regardless of who had access, Thorbjornsen maintains that the admin mimir mechanism was “widely known within the community, and heavily used throughout THORChain’s history” and that any action taken using the keys “could be largely overruled by the nodes.” Indeed, nodes voted to open withdrawals back up shortly after the admin key was used to pause them. By then, those burned by THORFi argue, the damage had already been done. The executive pause to withdrawals, for some, signaled that something was amiss with THORFi. This led to a bank run after the pause was lifted, until the nodes voted to freeze withdrawals permanently (which Thorbjornsen had suggested in a since-deleted post on X), separating users from crypto worth around $200 million in US dollars on January 23. THORFi users were then offered a token called TCY (THORChain Yield), which they could claim with the idea that, when its price rose to $1, they would be made whole. (The price, as of writing, sits at $0.16.) Who used the key? Thorbjornsen maintains he didn’t do it, but he claims he knows who did and won’t say. He says he’d handed over the “leena” account and doesn’t “have access to any of the core components of the system,” nor has he for “at least three years.” He implies that whoever controlled “leena” at the time used the admin key to pause network withdrawals. A video released by Nine Realms on February 20, 2025, names Thorbjornsen as the activator of the key, stating, “JP ended up pausing lenders and savers, preventing withdrawals so that we can work out … [a] payback plan on them.” Thorbjornsen told me the video was “not factual.” Multiple blockchain analysts told me it would be extremely difficult to determine who used the admin mimir key. A month after it was used to pause the network, THORChain said the key had been “removed from the network.” At least you can’t find the words “admin mimir” in THORChain’s base code; I’ve looked.  Culpability After the debacle of the THORFi withdrawal freeze, Richartz says, he tried to file reports with the Miami-Dade Police Department, the Florida Department of Law Enforcement, the FBI, the Securities and Exchange Commission, the Commodity Futures Trading Commission, the Federal Trade Commission, and Interpol. When we spoke in November, he still hadn’t been able to file with the city of Miami. They told him to try small claims court. “I was like, no, you don’t understand … a post office box in Switzerland is the company address,” he says. “It underscored to me how little law enforcement even knows about these crimes.”  As for the Bybit hack, at least one government has retaliated against those who facilitate blockchain projects. Last April German authorities shut down eXch, an exchange suspected of using THORChain to process funds Lazarus stole from Bybit, says Julia Gottesman, cofounder and head of investigations at the cybersecurity group zeroShadow. Australia, she adds, where Thorbjornsen was based, has been “slow to try to engage with the crypto community, or any regulations.” KAGAN MCLEOD In response to requests for comment, Australia’s Department of Home Affairs wrote that at the end of March 2026, the country’s regulatory powers will expand to include “exchanges between the same type of cryptocurrency and transfers between different types.” They did not comment on specific investigations. Crypto and finance experts disagree about whether THORChain engaged in money laundering, defined by the UN as “the processing of criminal proceeds to disguise their illegal origin.” But some think it fits the definition. Shlomit Wagman, a Harvard fellow and former head of Israel’s anti-money-laundering agency and its delegation to the Financial Action Task Force (FATF), thinks the Bybit activity was money laundering because THORChain helped the hackers “transfer the funds in an unsupervised manner, completely outside of the scope of regulated or supervised activity.”  And by helping with conversions, Carlsen says, THORChain enabled bad actors to turn stolen crypto into usable currency. “People like [Thorbjornsen] have a personal degree of culpability in sustaining the North Korean government,” he says. Thorbjornsen counters that THORChain is “open-source infrastructure.” Meanwhile, just days after the hack, Bybit issued a 10% bounty on any funds recovered. As of mid-January this year, between $100 million and $500 million worth of those funds in US dollars remain unaccounted for, according to Gottesman of zeroShadow, which was hired by Bybit to recover funds following the hack. Thorbjornsen hacked For Thorbjornsen, it’s just another day at the casino. That’s the comparison he made during his regrettable 7 News Spotlight interview about the Bybit heist, and he repeated it when we met. “You go to a casino, you play a few games, you expect to lose,” he told me. “When you do actually go to zero, don’t cry.” Thorbjornsen, it should be noted, has lost at the casino himself. In September, he says, he got a Telegram message from a friend, inviting him to a Zoom meeting. He accepted and participated in a call with people who had “American voices.” Ultimately, Thorbjornsen describes himself as a guy who’s had a bad year, fending off “threat vectors” left and right. After the meeting, Thorbjornsen learned that his friend’s Telegram had been hacked. Whoever was responsible had used the Zoom link to remotely install software on Thorbjornsen’s computer, which “got access to everything”—his email, his crypto wallets, a bitcoin-based retirement fund. It cost him at least $1.2 million. The blockchain sleuth known as ZachXBT traced the funds and attributed the hack to North Korea.  ZachXBT called it “poetic.” Ultimately, Thorbjornsen describes himself as a guy who’s had a bad year. He says he had to liquidate his crypto assets because he’s dealing with the fallout of a recent divorce. He also feels he is fending off “threat vectors” left and right. More than once, he asked if I was a private investigator masquerading as a journalist. Still, his many contradictions don’t inspire confidence. He doesn’t have any more crypto assets, he says. However, the crypto wallet he shared with me so I could pay him back for lunch showed that it contained assets worth more than $143,000 in US dollars. He now says it wasn’t his wallet. He says he doesn’t control THORChain’s social media, but he’d also told me that he runs the @THORChain X account (later backtracking and saying the account is “delegated” to him for trickier questions). He insists that he does not care about money. He says that in the robot future, the AI-powered hive mind will become our benevolent overlord, rendering money obsolete, so why give it much thought? Yet as we flew back from the vineyard, he pointed out his new house from the helicopter. It resembles a compound. He says he lives there with his new wife.  Multiple people I spoke with about Thorbjornsen before I met him warned me he wasn’t trustworthy, and he’s undeniably made fishy statements. For instance, the presence of a North Korean flag in a row of decals on the tail of his helicopter suggested an affinity with the country for which THORChain has processed so much crypto. Thorbjornsen insists he had requested the flag of Australia’s Norfolk Island, calling the mix-up “a complete coincidence.” The flags were gone by the time of our flight, apparently removed during a recent repair. “Money is a meme,” he says. “Money does not exist.” Meme or not, it’s had real repercussions for those who have interacted with THORChain, and those who wound up losing have been looking for someone to blame.  When I spoke with Thorbjornsen again in January, he appeared increasingly concerned that he is that someone. He’s spending more time in Singapore, he told me. Singapore happens to have historically denied extraditions to the US for money-laundering prosecutions.  Jessica Klein is a Philadelphia-based freelance journalist covering intimate partner violence, cryptocurrency, and other topics.

“We’re out of airspace now. We can do whatever we want,” Jean-Paul Thorbjornsen tells me from the pilot’s seat of his Aston Martin helicopter. As we fly over suburbs outside Melbourne, Australia, it’s becoming clear that doing whatever he wants is Thorbjornsen’s MO. 

Upper-middle-class homes give way to vineyards, and Thorbjornsen points out our landing spot outside a winery. People visiting for lunch walk outside. “They’re going to ask for a shot now,” he says, used to the attention drawn by his luxury helicopter, emblazoned with the tail letters “BTC” for bitcoin (the price tag of $5 million in Australian dollars—$3.5 million in US dollars today—was perhaps reasonable for someone who claims a previous crypto project made more than AU$400 million, although he also says those funds were tied up in the company). 

Thorbjornsen is a founder of THORChain, a blockchain through which users can swap one cryptocurrency for another and earn fees from making those swaps. THORChain is permissionless, so anyone can use it without getting prior approval from a centralized authority. As a decentralized network, the blockchain is built and run by operators located across the globe, most of whom use pseudonyms. 

During its early days, Thorbjornsen himself hid behind the pseudonym “leena” and used an AI-generated female image as his avatar. But around March 2024, he revealed that he, an Australian man in his mid-30s, with a rural Catholic upbringing, was the mind behind the blockchain. More or less. 

If there is a central question around THORChain, it is this: Exactly who is responsible for its operations? Blockchains as decentralized as THORChain are supposed to offer systems that operate outside the centralized leadership of corruptible governments and financial institutions. If a few people have outsize sway over this decentralized network—one of a handful that operate at such a large scale—it’s one more blemish on the legacy of bitcoin’s promise, which has already been tarnished by capitalistic political frenzy.   

Who’s responsible for THORChain matters because in January last year, its users lost more than $200 million worth of their cryptocurrency in US dollars after THORChain transactions and accounts were frozen by a singular admin override, which users believed was not supposed to be possible given the decentralized structure. When the freeze was lifted, some users raced to pull their money out. The following month, a team of North Korean hackers known as the Lazarus Group used THORChain to move roughly $1.2 billion of stolen ethereum taken in the infamous hack of the Dubai-based crypto exchange Bybit. 

Thorbjornsen explains away THORChain’s inability to stop the movement of stolen funds, or prevent a bank run, as a function of its decentralized and permissionless nature. The lack of executive powers means that anyone can use the network for any reason, and arguably there’s no one to hold accountable when even the worst goes down.

But when the worst did go down, nearly everyone in the THORChain community, and those paying attention to it in channels like X, pointed their fingers at Thorbjornsen. A lawsuit filed by the THORChain creditors who lost millions in January 2025 names him. A former FBI analyst and North Korea specialist, reflecting on the potential repercussions for helping move stolen funds, told me he wouldn’t want to be in Thorbjornsen’s shoes.

THORChain was designed to make decisions based on votes by node operators, where two-thirds majority rules.

That’s why I traveled to Australia—to see if I could get a handle on where he sees himself and his role in relation to the network he says he founded.

According to Thorbjornsen, he should not be held responsible for either event. THORChain was designed to make decisions based on votes by node operators—people with the computer power, and crypto stake, to run a cluster of servers that process the network’s transactions. In those votes, a two-thirds majority rules.

Then there’s the permissionless part. Anyone can use THORChain to make swaps, which is why it’s been a popular way for widely sanctioned entities such as the government of North Korea to move stolen money. This principle goes back to the cypherpunk roots of bitcoin, a currency that operates outside of nation-states’ rules. THORChain is designed to avoid geopolitical entanglements; that’s what its users like about it.

But there are distinct financial motivations for moving crypto, stolen or not: Node operators earn fees from the funds running through the network. In theory, this incentivizes them to act in the network’s best interests—and, arguably, Thorbjornsen’s interests too, as many assume his wealth is tied to the network’s profits. (Thorbjornsen says it is not, and that it comes instead from “many sources,” including “buying bitcoin back in 2013.”)

Now recent events have raised critical questions, not just about Thorbjornsen’s outsize role in THORChain’s operations, but also about the blockchain’s underlying nature.

If THORChain is decentralized, how was a single operator able to freeze its funds a month before the Bybit hack? Could someone have unilaterally decided to stop the stolen Bybit funds from coming through the network, and chosen not to? 

Thorbjornsen insists THORChain is helping realize bitcoin’s original purpose of enabling anyone to transact freely outside the reach of purportedly corrupt governments. Yet the network’s problems suggest that an alternative financial system might not be much better.

Decentralized? 

On February 21, 2025, Bybit CEO Ben Zhou got an alarming call from the company’s chief financial officer. About $1.5 billion US of the exchange’s ethereum token, ETH, had been stolen. 

The FBI attributed the theft to the Lazarus Group. Typically, criminals will want to convert ETH to bitcoin, which is much easier to convert in turn to cash. Knowing this, the FBI issued a public service announcement on February 26 to “exchanges, bridges … and other virtual asset service providers,” encouraging them to block transactions from accounts related to the hack. 

Someone posted that announcement in THORChain’s private, invite-only developer channel on Discord, a chat app used widely by software engineers and gamers. While other crypto exchanges and bridges (which facilitate transactions across different blockchains) heeded the warning, THORChain’s node operators, developers, and invested insiders debated about whether or not to close the trading gates, a decision requiring a majority vote.

“Civil war is a very strong term, but there was a strong rift in the community,” says Boone Wheeler, a US-based crypto enthusiast. In 2021, Wheeler purchased some rune, THORChain’s Norse-mythology-themed native token, and he has been paid to write articles about the network to help advertise it. The rift formed “between people who wanted to stay permissionless,” he says, “and others who wanted to blacklist the funds.”

Wheeler, who says he doesn’t run a node or code for THORChain, fell on the side of remaining permissionless. However, others spoke up for blocking the transfers. THORChain, they argued, wasn’t decentralized enough to keep those running the network safe from law enforcement—especially when those operators were identifiable by their IP addresses, some based in the US.

“We are not the morality police,” someone with the username @Swing_Pop wrote on February 27 in the developer Discord.

THORChain’s design includes up to 120 nodes whose operators manage transactions on the network through a voting process. Anyone with hosting hardware can become an operator by funding nodes with rune as collateral, which provides the network with liquidity. Nodes can respond to a transaction by validating it or doing nothing. While individual transactions can’t be blocked, trading can be halted by a two-thirds majority vote. 

A team of North Korean hackers used THORChain to move roughly $1.2 billion of ethereum stolen from the crypto exchange Bybit.

Nodes are also penalized for not participating in voting, which the system labels as “bad behavior.” Every 2.5 days, THORChain automatically “churns” nodes out to ensure that no one node gains too much control. The nodes that chose not to validate transactions from the Bybit hack were automatically “churned” out of the system. Thorbjornsen says about 20 or 30 nodes were booted from the network in this way. (Node operators can run multiple nodes, and 120 are rarely running simultaneously; at the time of writing, 55 unique IDs operated 103 nodes.)

By February 27, some node operators were prepared to leave the network altogether. “It’s personally getting beyond my risk tolerance,” wrote @Runetard in the dev Discord. “Sorry to those of the community that feel otherwise. There are a bunch of us holding all the risk and some are getting ready to walk away.”

According to one estimate, THORChain earned between $5 million and $10 million from the heist.

Even so, the financial incentive for the network operators who remained was significant. As one member of the dev Discord put it earlier that day, $3 million had been “extracted as commission” from the theft by those operating THORChain. “This is wrong!” they wrote.

Thorbjornsen weighed in on this back-and-forth, during which nodes paused and unpaused the network. He now says there was a right and wrong way for node operators to have behaved. “The correct way of doing things,” he says, was for node operators who opposed processing stolen funds to “go offline and … get [themselves] kicked out” rather than try to police who could use THORChain. He also says that while operators could discuss stopping transactions, “there was simply no design in the code that allowed [them] to do that.” However, a since-deleted post from his personal X account on March 3, 2025, stated: “I pushed for all my nodes to unhalt trading [keep trading]. Threatened to yank bond if they didn’t comply. Every single one.” (Thorbjornsen says his social media team ran this account in 2025.) 

In an Australian 7 News Spotlight documentary last June, Thorbjornsen estimated that THORChain earned between $5 million and $10 million from the heist.

When asked in that same documentary if he received any of those fees, he replied, “Not directly.” When we spoke, I asked him to elaborate. He said he’s “not a recipient” of any funds THORChain sets aside for developers or marketers, nor does he operate any nodes. He was merely speaking generally, he told me: “All crypto holders profit indirectly off economic activity on any chain.”

a character in a hooded sweatshirt at a computer station

KAGAN MCLEOD

Most important to Thorbjornsen was that, despite “huge pressure to shut the protocol down and stop servicing these swaps,” THORChain chugged along. He also notes that the hackers’ tactics, moving fast and splitting funds across multiple addresses, made it difficult to identify “bad swaps.”

Blockchain experts like Nick Carlsen, a former FBI analyst at the blockchain intelligence company TRM Labs, don’t buy this assessment. Other services similar to THORChain were identifying and rejecting these transactions. Had THORChain done the same, Carlsen adds, the stolen funds could have been contained on the Ethereum network, which “would have basically denied North Korea the ability to kick off this laundering process.” 

And while THORChain touts its decentralization, in “practical applications” like the Lazarus Group’s theft, “most de-fi [decentralized finance] protocols are centralized,” says Daren Firestone, an attorney who represents crypto industry whistleblowers, citing a 2023 US Treasury Department risk assessment on illicit finance. 

With centralization comes culpability, and in these cases, Firestone adds, that comes down to “who profits from [the protocol], so who creates it? But most importantly, who controls it?” Is there someone who can “hit an emergency off switch? … Direct nodes?”

Many answer these questions with Thorbjornsen’s name. “Everyone likes to pass the blame,” he says, even though he wasn’t alone in building THORChain. “​​In the end, it all comes back to me anyway.”

THORChain origins

According to Thorbjornsen, his story goes like this.

The third of 10 homeschooled children in a “traditional” Catholic household in rural Australia, he spent his days learning math, reading, writing, and studying the Bible. As he got older, he was also responsible for instructing his younger siblings. Wednesday was his day to move the solar panels that powered their home. His parents “installed” a mango and citrus orchard, more to keep nine boys busy than to reap the produce, he says.

“We lived close to a local airfield,” Thorbjornsen says, “and I was always mesmerized by these planes.” He joined the Australian air force and studied engineering, but he says the military left him feeling like “a square peg in a round hole.” He adds that doing things his own way got him frequently “pulled aside” by superiors.

“That’s when I started looking elsewhere,” he says, and in 2013, he found bitcoin. It appealed because it existed “outside the system.”

During the 2017 crypto bull run, Thorbjornsen raised AU$12 million in an initial coin offering for CanYa, a decentralized marketplace he cofounded. CanYa ultimately “died” in 2018, and Thorbjornsen pivoted to a “decentralized liquidity” project that would become THORChain.

He worked with a couple of different developer teams, and then, in 2019, he clicked with an American developer, Chad Barraford, at a hackathon in Germany. Barraford (who declined to be interviewed for this story) was an early public face of THORChain. 

Around this time, Thorbjornsen says, “a couple of us helped manage the payroll and early investment funds.” In a 2020 interview, Kai Ansaari, identified as a THORChain “project lead,” wrote, “We’re all contributors … There’s no real ‘lead,’ ‘CEO,’ ‘founder,’ etc.”

In interviews conducted since he came out from behind the “leena” account in 2024, Thorbjornsen has positioned himself as a key lead. He now says his plan had always been to hand over the account, along with command powers and control of THORChain social media accounts, once the blockchain had matured enough to realize its promise of decentralization.

In 2021, he says, he started this process, first by ceasing to use his own rune to back node operators who didn’t have enough to supply their own funding (this can be a way to influence node votes without operating a node yourself). That year, the protocol suffered multiple hacks that resulted in millions of dollars in losses. Nine Realms, a US-incorporated coding company, was brought on to take over THORChain’s development. Thorbjornsen says he passed “leena” over to “other community members” and “left crypto” in 2021, selling “a bunch of bitcoin” and buying the helicopter. 

Despite this crypto departure, he came back onto the scene with gusto in 2024 when he revealed himself as the operator of the “leena” account. “​​For many years, I stayed private because I didn’t want the attention,” he says now. 

By early 2024 Thorbjornsen considered the network to be sufficiently decentralized and began advertising it publicly. He started regularly posting videos on his TikTok and YouTube channels (“Two sick videos every week,” in the words of one caption) that showed him piloting his helicopter wearing shirts that read “Thor.”

By November 2024, Thorbjornsen, who describes himself as “a bit flamboyant,” was calling himself THORChain’s CEO (“chief energy officer”) and the “master of the memes” in a video from Binance Blockchain Week, an industry conference in Dubai. You need “strong memetic energy,” he says in the video, “to create the community, to create the cult.” Cults imply centralized leadership, and since outing himself as “leena,” Thorbjornsen has publicly appeared to helm the project, with one interviewer deeming him the “THORChain Satoshi” (an allusion to the pseudonymous creator of bitcoin). 

One consequence of going public as a face of the protocol: He’s received death threats. “I stirred it up. Do I regret it? Who knows?” he said when we met in Australia. “It’s caused a lot of chaos.” 

But, he added, “this is the bed that I’ve laid.” When we spoke again, months later, he backtracked, saying he “got sucked into” defending THORChain in 2024 and 2025 because he was involved from 2018 to 2021 and has “a perspective on how the protocol operates.”

Centralized? 

Ryan Treat, a retired US Army veteran, woke up one morning in January 2025 to some disturbing activity on X. “My heart sank,” he says. THORFi, the THORChain program he’d used to earn interest on the bitcoin he’d planned to save for his retirement, had frozen all accounts—but that didn’t make sense.

THORFi featured a lending and saving program said to give users “complete control” and self-custody of their crypto, meaning they could withdraw it at any time. 

Treat was no crypto amateur. He bought his first bitcoin at around “$5 apiece,” he says, and had always kept it off centralized exchanges that would maintain custody of his wallets. He liked THORChain because it claimed to be decentralized and permissionless. “I got into bitcoin because I wanted to have government-less money,” he says. 

We were told it was decentralized. Then you wake up one morning and read this guy had an admin mimir.

Many who’d used THORFi lending and saving programs felt similarly. Users I interviewed differentiated THORChain from centralized lending platforms like BlockFi and Celsius, both of which offered extraordinarily high yields before filing for bankruptcy in 2022. “I viewed THORChain as a decentralized system where it was safer,” says Halsey Richartz, a Florida-based THORFi creditor, with “vanilla, 1% passive yield.” Indeed, users I spoke with hadn’t felt the need to monitor their THORFi deposits. “Only your key can be used to withdraw your funds,” the product’s marketing materials insisted. “Savers can withdraw their position to native assets at any time.”

So on January 9, when the “leena” account announced that an admin key had been used to pause withdrawals, it took THORFi users by surprise—and seemed to contradict the marketing messaging around decentralization. “We were told that it was decentralized, and you wake up one morning and read an article that says ‘This guy, JP, had an admin mimir,’” says Treat, referring to Thorbjornsen, “and I’m like, ‘What the fuck is an admin mimir?’”

The admin mimir was one of “a bunch of hard-coded admin keys built into the base code of the system,” says Jonathan Reiter, CEO of the blockchain intelligence company ChainArgos. Those with access to the keys had the ability to make executive decisions on the blockchain—a function many THORChain users didn’t realize could supersede the more democratic decisions made by node votes. These keys had been in THORChain’s code for years and “let you control just about anything,” Reiter adds, including the decision to pause the network during the hacks in 2021 that resulted in a loss of more than $16 million in assets. 

Thorbjornsen says that one key was given to Nine Realms, while another was “shared around the original team.” He told me at least three people had them, adding, “I can neither confirm nor deny having access to that mimir key, because there’s no on-chain registry of the keys.”

Regardless of who had access, Thorbjornsen maintains that the admin mimir mechanism was “widely known within the community, and heavily used throughout THORChain’s history” and that any action taken using the keys “could be largely overruled by the nodes.” Indeed, nodes voted to open withdrawals back up shortly after the admin key was used to pause them. By then, those burned by THORFi argue, the damage had already been done. The executive pause to withdrawals, for some, signaled that something was amiss with THORFi. This led to a bank run after the pause was lifted, until the nodes voted to freeze withdrawals permanently (which Thorbjornsen had suggested in a since-deleted post on X), separating users from crypto worth around $200 million in US dollars on January 23. THORFi users were then offered a token called TCY (THORChain Yield), which they could claim with the idea that, when its price rose to $1, they would be made whole. (The price, as of writing, sits at $0.16.)

Who used the key? Thorbjornsen maintains he didn’t do it, but he claims he knows who did and won’t say. He says he’d handed over the “leena” account and doesn’t “have access to any of the core components of the system,” nor has he for “at least three years.” He implies that whoever controlled “leena” at the time used the admin key to pause network withdrawals.

A video released by Nine Realms on February 20, 2025, names Thorbjornsen as the activator of the key, stating, “JP ended up pausing lenders and savers, preventing withdrawals so that we can work out … [a] payback plan on them.” Thorbjornsen told me the video was “not factual.”

Multiple blockchain analysts told me it would be extremely difficult to determine who used the admin mimir key. A month after it was used to pause the network, THORChain said the key had been “removed from the network.” At least you can’t find the words “admin mimir” in THORChain’s base code; I’ve looked. 

Culpability

After the debacle of the THORFi withdrawal freeze, Richartz says, he tried to file reports with the Miami-Dade Police Department, the Florida Department of Law Enforcement, the FBI, the Securities and Exchange Commission, the Commodity Futures Trading Commission, the Federal Trade Commission, and Interpol. When we spoke in November, he still hadn’t been able to file with the city of Miami. They told him to try small claims court.

“I was like, no, you don’t understand … a post office box in Switzerland is the company address,” he says. “It underscored to me how little law enforcement even knows about these crimes.” 

As for the Bybit hack, at least one government has retaliated against those who facilitate blockchain projects. Last April German authorities shut down eXch, an exchange suspected of using THORChain to process funds Lazarus stole from Bybit, says Julia Gottesman, cofounder and head of investigations at the cybersecurity group zeroShadow. Australia, she adds, where Thorbjornsen was based, has been “slow to try to engage with the crypto community, or any regulations.”

a character with his pockets turned out shrugs next to his helicopter while wearing meme sunglasses

KAGAN MCLEOD

In response to requests for comment, Australia’s Department of Home Affairs wrote that at the end of March 2026, the country’s regulatory powers will expand to include “exchanges between the same type of cryptocurrency and transfers between different types.” They did not comment on specific investigations.

Crypto and finance experts disagree about whether THORChain engaged in money laundering, defined by the UN as “the processing of criminal proceeds to disguise their illegal origin.” But some think it fits the definition.

Shlomit Wagman, a Harvard fellow and former head of Israel’s anti-money-laundering agency and its delegation to the Financial Action Task Force (FATF), thinks the Bybit activity was money laundering because THORChain helped the hackers “transfer the funds in an unsupervised manner, completely outside of the scope of regulated or supervised activity.” 

And by helping with conversions, Carlsen says, THORChain enabled bad actors to turn stolen crypto into usable currency. “People like [Thorbjornsen] have a personal degree of culpability in sustaining the North Korean government,” he says. Thorbjornsen counters that THORChain is “open-source infrastructure.”

Meanwhile, just days after the hack, Bybit issued a 10% bounty on any funds recovered. As of mid-January this year, between $100 million and $500 million worth of those funds in US dollars remain unaccounted for, according to Gottesman of zeroShadow, which was hired by Bybit to recover funds following the hack.

Thorbjornsen hacked

For Thorbjornsen, it’s just another day at the casino. That’s the comparison he made during his regrettable 7 News Spotlight interview about the Bybit heist, and he repeated it when we met. “You go to a casino, you play a few games, you expect to lose,” he told me. “When you do actually go to zero, don’t cry.”

Thorbjornsen, it should be noted, has lost at the casino himself.

In September, he says, he got a Telegram message from a friend, inviting him to a Zoom meeting. He accepted and participated in a call with people who had “American voices.”

Ultimately, Thorbjornsen describes himself as a guy who’s had a bad year, fending off “threat vectors” left and right.

After the meeting, Thorbjornsen learned that his friend’s Telegram had been hacked. Whoever was responsible had used the Zoom link to remotely install software on Thorbjornsen’s computer, which “got access to everything”—his email, his crypto wallets, a bitcoin-based retirement fund. It cost him at least $1.2 million. The blockchain sleuth known as ZachXBT traced the funds and attributed the hack to North Korea. 

ZachXBT called it “poetic.”

Ultimately, Thorbjornsen describes himself as a guy who’s had a bad year. He says he had to liquidate his crypto assets because he’s dealing with the fallout of a recent divorce. He also feels he is fending off “threat vectors” left and right. More than once, he asked if I was a private investigator masquerading as a journalist.

Still, his many contradictions don’t inspire confidence. He doesn’t have any more crypto assets, he says. However, the crypto wallet he shared with me so I could pay him back for lunch showed that it contained assets worth more than $143,000 in US dollars. He now says it wasn’t his wallet. He says he doesn’t control THORChain’s social media, but he’d also told me that he runs the @THORChain X account (later backtracking and saying the account is “delegated” to him for trickier questions).

He insists that he does not care about money. He says that in the robot future, the AI-powered hive mind will become our benevolent overlord, rendering money obsolete, so why give it much thought? Yet as we flew back from the vineyard, he pointed out his new house from the helicopter. It resembles a compound. He says he lives there with his new wife. 

Multiple people I spoke with about Thorbjornsen before I met him warned me he wasn’t trustworthy, and he’s undeniably made fishy statements. For instance, the presence of a North Korean flag in a row of decals on the tail of his helicopter suggested an affinity with the country for which THORChain has processed so much crypto. Thorbjornsen insists he had requested the flag of Australia’s Norfolk Island, calling the mix-up “a complete coincidence.” The flags were gone by the time of our flight, apparently removed during a recent repair.

“Money is a meme,” he says. “Money does not exist.” Meme or not, it’s had real repercussions for those who have interacted with THORChain, and those who wound up losing have been looking for someone to blame. 

When I spoke with Thorbjornsen again in January, he appeared increasingly concerned that he is that someone. He’s spending more time in Singapore, he told me. Singapore happens to have historically denied extraditions to the US for money-laundering prosecutions. 

Jessica Klein is a Philadelphia-based freelance journalist covering intimate partner violence, cryptocurrency, and other topics.

Shape
Shape
Stay Ahead

Explore More Insights

More Articles

Stay ahead with more perspectives on cutting-edge power, infrastructure, energy,  bitcoin and AI solutions. Explore these articles to uncover strategies and insights shaping the future of industries.

Shape

CompTIA launches SecAI+ certification

The certification covers how to secure AI platforms and functionality, how to use AI to improve processes such as incident response, security analytics, threat intelligence, and penetration testing. It also focuses on how AI can automate compliance and risk management procedures under human guidance, according to CompTIA. “CompTIA SecAI+ addresses

Read More »

Palo Alto to acquire Israeli startup Koi for agentic AI security

Prisma AIRS features AI model scanning, which lets enterprises safely adopt AI models by scanning them for vulnerabilities and secure the AI ecosystem against risks such as model tampering, malicious scripts, and deserialization attacks. Posture management provides enterprises with insight into their security posture as related to the AI ecosystem

Read More »

Energy Secretary Prevents Closure of Coal Plant That Provided Essential Power During Winter Storm

WASHINGTON—U.S. Secretary of Energy Chris Wright renewed an emergency order to address critical grid reliability issues facing the Midwestern region of the United States. The emergency order directs the Midcontinent Independent System Operator (MISO), in coordination with Consumers Energy, to ensure that the J.H. Campbell coal-fired power plant (Campbell Plant) in West Olive, Michigan shall take all steps necessary to remain available to operate and to employ economic dispatch to minimize costs for the American people. The Campbell Plant was originally scheduled to shut down on May 31, 2025 — 15 years before the end of its scheduled design life. “The energy sources that perform when you need them most are inherently the most valuable—that’s why beautiful, clean coal was the MVP of recent winter storms,” Secretary Wright said. “Hundreds of American lives have likely been saved because of President Trump’s actions saving America’s coal plants, including this Michigan coal plant which ran daily during Winter Storm Fern. This emergency order will mitigate the risk of blackouts and maintain affordable, reliable, and secure electricity access across the region.” The Campbell Plant was integral in stabilizing the grid during the recent winter storms. The plant operated at over 650 megawatts every day before and during Winter Storm Fern, January 21-February 1, proving that allowing it to cease operations would needlessly contribute to grid fragility. Thanks to President Trump’s leadership, coal plants across the country are reversing plans to shut down. In 2025, more than 17 gigawatts of coal-powered electricity generation were saved ahead of Winter Storm Fern. Since the Department of Energy’s (DOE) original order issued on May 23, the Campbell Plant has proven critical to MISO’s operations, operating regularly during periods of high energy demand and low levels of intermittent energy production. Subsequent orders were issued on August 20, 2025 and November 18, 2025. As outlined in DOE’s Resource

Read More »

EBW Warned of Faltering Gas Demand Heading into Holiday Weekend

In a U.S. natural gas focused EBW Analytics Group report sent to Rigzone by the EBW team on Friday, Eli Rubin, an energy analyst at the company, warned of “faltering demand” heading into the President’s Day holiday weekend. “The March contract tested as high as $3.316 yesterday before selling off after a bearish EIA [U.S. Energy Information Administration] storage surprise, and ahead of deteriorating heating demand into President’s Day holiday weekend and an 11 billion cubic foot per day drop into next Wednesday,” Rubin said in Friday’s report. “The threat of cold air in Western Canada and the Pacific Northwest moving into the U.S. remains a primary source of support,” he added. “If the market returns from the holiday weekend without this threat materializing, however, sub-$3.00 per million British thermal units may be in play as the year over year storage deficit flips to a 170 billion cubic foot surplus by late February,” he continued. In the report, Rubin went on to state that “steep storage refill demand east of the Rockies and loose supply/demand fundamentals during recent Marches may offer some medium-term support”. He added, however, that “storage exiting March near 1,800 billion cubic feet, with gathering production tailwinds and decelerating year over year LNG growth into mid to late 2026, suggest a bearish outlook for NYMEX gas futures”. In its latest weekly natural gas storage report, which was released on February 12 and included data for the week ending February 6, the EIA revealed that, according to its estimates, working gas in storage was 2,214 billion cubic feet as of February 6. “This represents a net decrease of 249 billion cubic feet from the previous week,” the EIA highlighted in the report. “Stocks were 97 billion cubic feet less than last year at this time and 130 billion

Read More »

North America Drops 6 Rigs Week on Week

North America dropped six rigs week on week, according to Baker Hughes’ latest North America rotary rig count, which was published on February 13. The total U.S. rig count remained unchanged week on week and the total Canada rig count dropped by six during the same period, pushing the total North America rig count down to 773, comprising 551 rigs from the U.S. and 222 rigs from Canada, the count outlined. Of the total U.S. rig count of 551, 531 rigs are categorized as land rigs, 17 are categorized as offshore rigs, and three are categorized as inland water rigs. The total U.S. rig count is made up of 409 oil rigs, 133 gas rigs, and nine miscellaneous rigs, according to Baker Hughes’ count, which revealed that the U.S. total comprises 481 horizontal rigs, 57 directional rigs, and 13 vertical rigs. Week on week, the U.S. land rig count dropped by one, its offshore rig count rose by one, and its inland water rig count remained unchanged, Baker Hughes highlighted. The U.S. oil rig count decreased by three week on week, while its gas rig count increased by three and its miscellaneous rig count remained unchanged, the count showed. The U.S. horizontal rig count dropped by two week on week, its directional rig count rose by two week on week, and its vertical rig count remained flat during the same period, the count revealed. A major state variances subcategory included in the rig count showed that, week on week, Texas dropped three rigs, Oklahoma and North Dakota each dropped one rig, Louisiana added two rigs, and New Mexico, Pennsylvania, and Wyoming each added one rig. A major basin variances subcategory included in the rig count showed that, week on week, the Permian basin dropped three rigs, the Williston basin dropped

Read More »

Aramco Commits to 1 MMtpa for 20 Years from Commonwealth LNG

Saudi Arabian Oil Co (Aramco) has signed a 20-year agreement to buy one million metric tons per annum (MMtpa) of liquefied natural gas from the under-development Commonwealth LNG in Cameron Parish, Louisiana. “Commonwealth is advancing toward a final investment decision with line of sight to secure its remaining capacity”, said a joint statement by the offtake parties. “Aramco Trading joins Glencore, JERA, PETRONAS, Mercuria and EQT among international energy companies entering into long-term offtake contracts with the platform”. Early this month Commonwealth announced a 20-year deal to supply one MMtpa to Geneva, Switzerland-based energy and commodities trader Mercuria. Commonwealth LNG is a project of Kimmeridge Energy Management Co LLC and Mubadala Investment Co through their joint venture Caturus HoldCo LLC. Expected to start operation 2030, Commonwealth LNG is designed to produce up to 9.5 million metric tons a year of LNG. “This agreement highlights the strong international demand for U.S. LNG and underscores how our longstanding relationships and capabilities position Caturus to serve global markets”, said Caturus chief executive David Lawler. “Our contract with Aramco Trading underscores the differentiated value Caturus can bring through our global reach in offering wellhead to water services”, Lawler added. Mohammed K. Al Mulhim, Aramco Trading president and CEO, said, “This agreement reflects Aramco Trading’s efforts to secure a reliable, long-term energy supply for global markets while strengthening our presence in the LNG sector”. The Gulf Coast project is permitted to ship up to 9.5 MMtpa of LNG, equivalent to around 1.21 billion cubic feet per day of gas according to Kimmeridge. The United States Energy Department granted the project authorization to export to countries without a free trade agreement (FTA) with the U.S. in August 2025 and FTA authorization in April 2020. The developers expect the first phase of the project to generate around

Read More »

Enbridge Q4 Profit Up YoY

Enbridge Inc has reported CAD 1.95 billion ($1.43 billion) in earnings and CAD 1.92 billion in adjusted earnings for the fourth quarter of 2025, up from CAD 493 million and CAD 1.64 billion for the same three-month period in 2024 respectively. Q4 2025 income per share of CAD 0.88 ($0.63), adjusted for extraordinary items, beat the Zacks Consensus Estimate of $0.6. Calgary-based Enbridge, which operates oil and gas pipelines in Canada and the United States, earlier bumped up its quarterly dividend by three percent against the prior rate to CAD 0.97. The annualized rate for 2026 is CAD 3.88 per share. Q4 2025 adjusted EBITDA rose 1.62 percent year-on-year to CAD 5.21 billion “due primarily to favorable gas transmission contracting and Venice Extension entering service, colder weather and higher rates and customer growth at Enbridge Gas Ontario, partially offset by the absence in 2025 of equity earnings related to investment tax credits from our investment in Fox Squirrel Solar”, Enbridge said in an online statement. United States gas transmission contributed CAD 997 million to segment adjusted EBITDA, down from CAD 1 billion for Q4 2024. The U.S. figure benefited from the startup of the Venice Extension Project, which expands the Texas Eastern system’s capacity to deliver gas to Gulf Coast markets, and Enbridge’s acquisition of a stake in the Matterhorn Express Pipeline. Enbridge also recognized “favorable contracting and successful rate case settlements on our U.S. Gas Transmission assets”, partially offset by the timing of operating costs. Adjusted EBITDA from Canadian gas transmission increased from CAD 157 million for Q4 2024 to CAD 190 million for Q4 2025, helped by “higher revenues at Aitken Creek due to favorable storage spreads”. Liquid pipelines logged CAD 2.45 billion in adjusted EBITDA, up from CAD 2.4 billion for Q4 2024. The Mainline System, which carries

Read More »

Analyst Highlights Focus of IEW Event

Focus at the London International Energy Week (IEW) last week was the balancing of geopolitics versus assessed surplus of oil globally in 2026. That’s what Skandinaviska Enskilda Banken AB (SEB) Chief Commodities Analyst Bjarne Schieldrop noted in a SEB report sent to Rigzone on Monday morning, adding that one delegate at the event stated that “if OPEC doesn’t cut, we’ll have $45 per barrel in June”. “That may be true,” Schieldrop said in the report. “But OPEC+ is meeting every month, taking a measure of the state of the global oil market and then decides what to do on the back of that. The group has been very explicit that they may cut, increase, or keep production steady depending on their findings,” he added. “We believe they will and thus we do not buy into $45 per barrel by June because, if need-be, they will trim production as they say they will,” he continued, pointing out that OPEC+ is next scheduled to meet on March 1 “to discuss production for April”. Schieldrop highlighted in the report that, in its February oil market report, the International Energy Agency (IEA) “restated its view that the world will only need 25.7 million barrels per day of crude from OPEC in 2026 versus a recent production by the group of 28.8 million barrels per day”. “I.e. that to keep the market balanced the group will need to cut production by some three million barrels per day,” he said. “Though strategic stock building around the world needs to be deducted from that. And the appetite for such stock building could be solid given elevated geopolitical risks. Thus what will flow to commercial stocks in the end remains to be seen,” he stated. Schieldrop went on to note in the report that increased Iranian tension could drive Brent

Read More »

AI likely to put a major strain on global networks—are enterprises ready?

“When AI pipelines slow down or traffic overloads common infrastructure, business processes slow down, and customer experience degrades,” Kale says. “Since many organizations are using AI to enable their teams to make critical decisions, disruptions caused by AI-related failures will be experienced instantly by both internal teams and external customers.” A single bottleneck can quickly cascade through an organization, Kales says, “reducing the overall value of the broader digital ecosystem.” In 2026, “we will see significant disruption from accelerated appetite for all things AI,” research firm Forrester noted in a late-year predictions post. “Business demands of AI systems, network connectivity, AI for IT operations, the conversational AI-powered service desk, and more are driving substantial changes that tech leaders must enable within their organizations.” And in a 2025 study of about 1,300 networking, operations, cloud, and architecture professionals worldwide, Broadcom noted a “readiness gap” between the desire for AI and network preparedness. While 99% of organizations have cloud strategies and are adopting AI, only 49% say their networks can support the bandwidth and low latency that AI requires, according to Broadcom’s  2026 State of Network Operations report. “AI is shifting Internet traffic from human-paced to machine-paced, and machines generate 100 times more requests with zero off-hours,” says Ed Barrow, CEO of Cloud Capital, an investment management firm focused on acquiring, managing, and operating data centers. “Inference workloads in particular create continuous, high-intensity, globally distributed traffic patterns,” Barrow says. “A single AI feature can trigger millions of additional requests per hour, and those requests are heavier—higher bandwidth, higher concurrency, and GPU-accelerated compute on the other side of the network.”

Read More »

Adani bets $100 billion on AI data centers as India eyes global hub status

The sovereignty question Adani framed the investment as a matter of national digital sovereignty, saying it would reserve a significant portion of GPU capacity for Indian AI startups and research institutions. Analysts were not convinced the structure supported the claim. “I believe it is too distant from digital sovereignty if the majority of the projects are being built to serve leading MNC AI hyperscalers,” said Shah. “Equal investments have to happen for public AI infrastructure, and the data of billions of users — from commerce to content to health — must remain sovereign.” Gogia framed the gap in operational terms. “Ownership alone does not define sovereignty,” he said. “The practical determinants are who controls privileged access during incidents, where critical workloads fail over when grids are stressed, and what regulatory oversight mechanisms are contractually enforceable.” Those are questions Adani has not yet answered and the market, analysts say, will be watching for more than just construction progress. But Banerjee said the market would not wait nine years to judge the announcement. “In practice, I think the market will judge this on near-term proof points, grid capacity secured, power contracting in place, and anchor tenants signed, rather than the headline capex or long-dated targets,” he said.

Read More »

Arista laments ‘horrendous’ memory situation

Digging in on campus Arista has been clear about its plans to grow its presence campus networking environments. Last Fall, Ullal said she expects Arista’s campus and WAN business would grow from the current $750 million-$800 million run rate to $1.25 billion, representing a 60% growth opportunity for the company. “We are committed to our aggressive goal of $1.25 billion for ’26 for the cognitive campus and branch. We have also successfully deployed in many routing edge, core spine and peering use cases,” Ullal said. “In Q4 2025, Arista launched our flagship 7800 R4 spine for many routing use cases, including DCI, AI spines with that massive 460 terabits of capacity to meet the demanding needs of multiservice routing, AI workloads and switching use cases. The combined campus and routing adjacencies together contribute approximately 18% of revenue.” Ethernet leads the way “In terms of annual 2025 product lines, our core cloud, AI and data center products built upon our highly differentiated Arista EOS stack is successfully deployed across 10 gig to 800 gigabit Ethernet speeds with 1.6 terabit migration imminent,” Ullal said. “This includes our portfolio of EtherLink AI and our 7000 series platforms for best-in-class performance, power efficiency, high availability, automation, agility for both the front and back-end compute, storage and all of the interconnect zones.” Ullal said she expects Ethernet will get even more of a boost later this year when the multivendor Ethernet for Scale-Up Networking (ESUN) specification is released.  “We have consistently described that today’s configurations are mostly a combination of scale out and scale up were largely based on 800G and smaller ratings. Now that the ESUN specification is well underway, we need a good solid spec. Otherwise, we’ll be shipping proprietary products like some people in the world do today. And so we will tie our

Read More »

From NIMBY to YIMBY: A Playbook for Data Center Community Acceptance

Across many conversations at the start of this year, at PTC and other conferences alike, the word on everyone’s lips seems to be “community.” For the data center industry, that single word now captures a turning point from just a few short years ago: we are no longer a niche, back‑of‑house utility, but a front‑page presence in local politics, school board budgets, and town hall debates. That visibility is forcing a choice in how we tell our story—either accept a permanent NIMBY-reactive framework, or actively build a YIMBY narrative that portrays the real value digital infrastructure brings to the markets and surrounding communities that host it. Speaking regularly with Ilissa Miller, CEO of iMiller Public Relations about this topic, there is work to be done across the ecosystem to build communications. Miller recently reflected: “What we’re seeing in communities isn’t a rejection of digital infrastructure, it’s a rejection of uncertainty driven by anxiety and fear. Most local leaders have never been given a framework to evaluate digital infrastructure developments the way they evaluate roads, water systems, or industrial parks. When there’s no shared planning language, ‘no’ becomes the safest answer.” A Brief History of “No” Community pushback against data centers is no longer episodic; it has become organized, media‑savvy, and politically influential in key markets. In Northern Virginia, resident groups and environmental organizations have mobilized against large‑scale campuses, pressing counties like Loudoun and Prince William to tighten zoning, question incentives, and delay or reshape projects.1 Loudoun County’s move in 2025 to end by‑right approvals for new facilities, requiring public hearings and board votes, marked a watershed moment as the world’s densest data center market signaled that communities now expect more say over where and how these campuses are built. Prince William County’s decision to sharply increase its tax rate on

Read More »

Nomads at the Frontier: PTC 2026 Signals the Digital Infrastructure Industry’s Moment of Execution

Each January, the Pacific Telecommunications Council conference serves as a barometer for where digital infrastructure is headed next. And according to Nomad Futurist founders Nabeel Mahmood and Phillip Koblence, the message from PTC 2026 was unmistakable: The industry has moved beyond hype. The hard work has begun. In the latest episode of The DCF Show Podcast, part of our ongoing ‘Nomads at the Frontier’ series, Mahmood and Koblence joined Data Center Frontier to unpack the tone shift emerging across the AI and data center ecosystem. Attendance continues to grow year over year. Conversations remain energetic. But the character of those conversations has changed. As Mahmood put it: “The hype that the market started to see is actually resulting a bit more into actions now, and those conversations are resulting into some good progress.” The difference from prior years? Less speculation. More execution. From Data Center Cowboys to Real Deployments Koblence offered perhaps the sharpest contrast between PTC conversations in 2024 and those in 2026. Two years ago, many projects felt speculative. Today, developers are arriving with secured power, customers, and construction underway. “If 2024’s PTC was data center cowboys — sites that in someone’s mind could be a data center — this year was: show me the money, show me the power, give me accurate timelines.” In other words, the market is no longer rewarding hypothetical capacity. It is demanding delivered capacity. Operators now speak in terms of deployments already underway, not aspirational campuses still waiting on permits and power commitments. And behind nearly every conversation sits the same gating factor. Power. Power Has Become the Industry’s Defining Constraint Whether discussions centered on AI factories, investment capital, or campus expansion, Mahmood and Koblence noted that every conversation eventually returned to energy availability. “All of those questions are power,” Koblence said.

Read More »

Cooling Consolidation Hits AI Scale: LiquidStack, Submer, and the Future of Data Center Thermal Strategy

As AI infrastructure scales toward ever-higher rack densities and gigawatt-class campuses, cooling has moved from a technical subsystem to a defining strategic issue for the data center industry. A trio of announcements in early February highlights how rapidly the cooling and AI infrastructure stack is consolidating and evolving: Trane Technologies’ acquisition of LiquidStack; Submer’s acquisition of Radian Arc, extending its reach from core data centers into telco edge environments; and Submer’s partnership with Anant Raj to accelerate sovereign AI infrastructure deployment across India. Layered atop these developments is fresh guidance from Oracle Cloud Infrastructure explaining why closed-loop, direct-to-chip cooling is becoming central to next-generation facility design, particularly in regions where water use has become a flashpoint in community discussions around data center growth. Taken together, these developments show how the industry is moving beyond point solutions toward integrated, scalable AI infrastructure ecosystems, where cooling, compute, and deployment models must work together across hyperscale campuses and distributed edge environments alike. Trane Moves to Own the Cooling Stack The most consequential development comes from Trane Technologies, which on February 10 announced it has entered into a definitive agreement to acquire LiquidStack, one of the pioneers and leading innovators in data center liquid cooling. The acquisition significantly strengthens Trane’s ambition to become a full-service thermal partner for data center operators, extending its reach from plant-level systems all the way down to the chip itself. LiquidStack, headquartered in Carrollton, Texas, built its reputation on immersion cooling and advanced direct-to-chip liquid solutions supporting high-density deployments across hyperscale, enterprise, colocation, edge, and blockchain environments. Under Trane, those technologies will now be scaled globally and integrated into a broader thermal portfolio. In practical terms, Trane is positioning itself to deliver cooling across the full thermal chain, including: • Central plant equipment and chillers.• Heat rejection and controls

Read More »

Microsoft will invest $80B in AI data centers in fiscal 2025

And Microsoft isn’t the only one that is ramping up its investments into AI-enabled data centers. Rival cloud service providers are all investing in either upgrading or opening new data centers to capture a larger chunk of business from developers and users of large language models (LLMs).  In a report published in October 2024, Bloomberg Intelligence estimated that demand for generative AI would push Microsoft, AWS, Google, Oracle, Meta, and Apple would between them devote $200 billion to capex in 2025, up from $110 billion in 2023. Microsoft is one of the biggest spenders, followed closely by Google and AWS, Bloomberg Intelligence said. Its estimate of Microsoft’s capital spending on AI, at $62.4 billion for calendar 2025, is lower than Smith’s claim that the company will invest $80 billion in the fiscal year to June 30, 2025. Both figures, though, are way higher than Microsoft’s 2020 capital expenditure of “just” $17.6 billion. The majority of the increased spending is tied to cloud services and the expansion of AI infrastructure needed to provide compute capacity for OpenAI workloads. Separately, last October Amazon CEO Andy Jassy said his company planned total capex spend of $75 billion in 2024 and even more in 2025, with much of it going to AWS, its cloud computing division.

Read More »

John Deere unveils more autonomous farm machines to address skill labor shortage

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Self-driving tractors might be the path to self-driving cars. John Deere has revealed a new line of autonomous machines and tech across agriculture, construction and commercial landscaping. The Moline, Illinois-based John Deere has been in business for 187 years, yet it’s been a regular as a non-tech company showing off technology at the big tech trade show in Las Vegas and is back at CES 2025 with more autonomous tractors and other vehicles. This is not something we usually cover, but John Deere has a lot of data that is interesting in the big picture of tech. The message from the company is that there aren’t enough skilled farm laborers to do the work that its customers need. It’s been a challenge for most of the last two decades, said Jahmy Hindman, CTO at John Deere, in a briefing. Much of the tech will come this fall and after that. He noted that the average farmer in the U.S. is over 58 and works 12 to 18 hours a day to grow food for us. And he said the American Farm Bureau Federation estimates there are roughly 2.4 million farm jobs that need to be filled annually; and the agricultural work force continues to shrink. (This is my hint to the anti-immigration crowd). John Deere’s autonomous 9RX Tractor. Farmers can oversee it using an app. While each of these industries experiences their own set of challenges, a commonality across all is skilled labor availability. In construction, about 80% percent of contractors struggle to find skilled labor. And in commercial landscaping, 86% of landscaping business owners can’t find labor to fill open positions, he said. “They have to figure out how to do

Read More »

2025 playbook for enterprise AI success, from agents to evals

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More 2025 is poised to be a pivotal year for enterprise AI. The past year has seen rapid innovation, and this year will see the same. This has made it more critical than ever to revisit your AI strategy to stay competitive and create value for your customers. From scaling AI agents to optimizing costs, here are the five critical areas enterprises should prioritize for their AI strategy this year. 1. Agents: the next generation of automation AI agents are no longer theoretical. In 2025, they’re indispensable tools for enterprises looking to streamline operations and enhance customer interactions. Unlike traditional software, agents powered by large language models (LLMs) can make nuanced decisions, navigate complex multi-step tasks, and integrate seamlessly with tools and APIs. At the start of 2024, agents were not ready for prime time, making frustrating mistakes like hallucinating URLs. They started getting better as frontier large language models themselves improved. “Let me put it this way,” said Sam Witteveen, cofounder of Red Dragon, a company that develops agents for companies, and that recently reviewed the 48 agents it built last year. “Interestingly, the ones that we built at the start of the year, a lot of those worked way better at the end of the year just because the models got better.” Witteveen shared this in the video podcast we filmed to discuss these five big trends in detail. Models are getting better and hallucinating less, and they’re also being trained to do agentic tasks. Another feature that the model providers are researching is a way to use the LLM as a judge, and as models get cheaper (something we’ll cover below), companies can use three or more models to

Read More »

OpenAI’s red teaming innovations define new essentials for security leaders in the AI era

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More OpenAI has taken a more aggressive approach to red teaming than its AI competitors, demonstrating its security teams’ advanced capabilities in two areas: multi-step reinforcement and external red teaming. OpenAI recently released two papers that set a new competitive standard for improving the quality, reliability and safety of AI models in these two techniques and more. The first paper, “OpenAI’s Approach to External Red Teaming for AI Models and Systems,” reports that specialized teams outside the company have proven effective in uncovering vulnerabilities that might otherwise have made it into a released model because in-house testing techniques may have missed them. In the second paper, “Diverse and Effective Red Teaming with Auto-Generated Rewards and Multi-Step Reinforcement Learning,” OpenAI introduces an automated framework that relies on iterative reinforcement learning to generate a broad spectrum of novel, wide-ranging attacks. Going all-in on red teaming pays practical, competitive dividends It’s encouraging to see competitive intensity in red teaming growing among AI companies. When Anthropic released its AI red team guidelines in June of last year, it joined AI providers including Google, Microsoft, Nvidia, OpenAI, and even the U.S.’s National Institute of Standards and Technology (NIST), which all had released red teaming frameworks. Investing heavily in red teaming yields tangible benefits for security leaders in any organization. OpenAI’s paper on external red teaming provides a detailed analysis of how the company strives to create specialized external teams that include cybersecurity and subject matter experts. The goal is to see if knowledgeable external teams can defeat models’ security perimeters and find gaps in their security, biases and controls that prompt-based testing couldn’t find. What makes OpenAI’s recent papers noteworthy is how well they define using human-in-the-middle

Read More »
More Articles