THORChain Halts Trading After Suspected Exploit
THORChain, a decentralized cross-chain liquidity protocol, has suspended all trading and signing operations following a suspected exploit exceeding $10 million. The halt was triggered after blockchain investigator ZachXBT flagged suspicious activity across multiple blockchains.
The THORChain alerts Telegram channel announced the pause, extending it to block 26191149, an estimated duration of 12 hours and 42 minutes. The decision came shortly after ZachXBT reported that the protocol had likely been exploited across Bitcoin, Ethereum, BNB Chain, and Base.
Arkham Intelligence data identified a wallet labeled as the THORChain exploiter holding $10.8 million. The funds were transferred through several smaller transactions in the 30 minutes leading up to 10:11 a.m. UTC.
Thorchain exploiter-tagged wallet. Source: Arkham
THORChain had not publicly confirmed the exploit at the time of publication. Cointelegraph reached out to the protocol for comment. Both ZachXBT and blockchain security firm PeckShield flagged suspicious activity related to the incident.
The suspected exploit contributes to growing security concerns within the decentralized finance sector. Hackers stole over $634 million from DeFi protocols in April, the highest monthly total since February 2025. That month saw a record $1.46 billion in losses, driven largely by the $1.4 billion hack on cryptocurrency exchange Bybit, according to data from DefiLlama.
Read Also: Kelp DAO Blames LayerZero’s Default Settings for $290 Million Bridge Exploit
Following news of the suspected exploit, THORChain’s native RUNE token declined approximately 13 percent. The token traded near $0.51 at the time of writing, according to CoinGecko data. The drop adds to existing downward pressure on RUNE, which has fallen 72 percent over the past year.
RUNE/USD, one-day chart. Source: CoinGecko
THORChain operates as a non-custodial cross-chain protocol, allowing users to swap assets across different blockchains without relying on centralized intermediaries. The protocol has previously been used by malicious actors to convert stolen funds, though it is not classified as a cryptocurrency mixer such as Tornado Cash.
In April, the attacker behind the $293 million Kelp DAO exploit routed 75,700 Ether through THORChain, generating approximately $910,000 in protocol revenue. Additionally, hackers involved in the $1.4 billion Bybit exploit moved roughly $1.2 billion through THORChain, swapping Ether to Bitcoin, according to Bybit co-founder and CEO Ben Zhou.
More Reads:
BMetaplanet Bleeds $725 Million as the Market Turns Ugly
The Bank of England Has Quietly Decided That Stablecoins Are Real Money
If you’re reading this, you’re already ahead. Stay there, by joining the…
Dipprofit’s private Telegram community
Discover more from Dipprofit
Subscribe to get the latest posts sent to your email.
