Crypto researcher ZachXBT has publicly criticized the co-founder of Vultisig for his involvement in new projects, citing distrust stemming from a past incident with ThorFi. According to ZachXBT, Vultisig’s co-founder, JP, displayed a “lack of ethics” and negligence by executing a nine-figure rug pull via an admin key in ThorFi and refusing to return fees collected from illicit funds through centralized interfaces of his products. The investigator also highlighted alleged connections with projects reportedly involving North Korean IT specialists.
ZachXBT mentioned that JP’s personal wallets were compromised through malware after a phishing call on Telegram. While the researcher stopped short of labeling Vultisig itself as a scam, he emphasized that his concerns focus on JP’s management choices and behavior. He warned that in future incidents, JP might likely evade accountability.
The community reaction has been mixed. Some users argued that the ThorFi situation was misinterpreted, noting that the protocol itself was never directly hacked. Instead, it was temporarily paused using the MIMIR admin function and later restored through validator decisions, with users receiving TCY tokens as compensation.
ZachXBT countered that the compensation was incomplete and that the MIMIR admin actions were “one-sided,” contributing to legal claims from affected parties. He stressed that the lack of transparency and oversight created conditions for widespread losses.
The discussion quickly evolved into a broader debate on decentralization principles and ethical responsibility. Some on social media considered ZachXBT’s critique biased, suggesting that JP’s approach reflected early crypto ideals—protocol independence from individual users. Others sided with ZachXBT, arguing that “without ethical accountability, decentralization becomes a cover for abuse.”
