Written by Zoltan Vardai, Staff Writer. Reviewed by Bryan O’Shea, Staff Editor.
Written by Zoltan Vardai, Staff Writer.
Reviewed by Bryan O’Shea, Staff Editor.
THORChain pauses trading after suspected $10M exploit
Latest NewsPublishedMay 15, 2026
THORChain paused trading after ZachXBT flagged a suspected $10 million exploit spanning Bitcoin, Ethereum, BNB Chain and Base.
Decentralized liquidity protocol THORChain halted trading after blockchain investigator ZachXBT flagged a suspected exploit of more than $10 million.
A THORChain alerts Telegram channel showed all trading and signing halted, with a global node pause extended until block 26191149, or roughly 12 hours and 42 minutes. The halt came shortly after ZachXBT stated the protocol had likely been exploited across Bitcoin, Ethereum, BNB Chain and Base.
A wallet labeled by Arkham as the THORChain exploiter showed $10.8 million in holdings, transferred across several smaller transactions in the 30 minutes before 10:11 am UTC.
The suspected exploit adds to the mounting security concerns around decentralized finance (DeFi) protocols, after hackers stole over $634 million during April, marking the highest monthly sum since the $1.46 billion in February 2025, when hackers staged the record $1.4 billion hack on Bybit exchange, DefiLlama data shows.
Cointelegraph reached out to THORChain for comment. The protocol had not publicly verified the exploit at the time of publication, though ZachXBT and PeckShield flagged suspicious activity, and THORChain alerts showed trading and signing had been halted.
Thorchain exploiter-tagged wallet. Source: Arkham
RUNE price falls 13% after suspected exploit
THORChain’s RUNE token fell by around 13% following the suspected exploit and traded near $0.51 at the time of writing, as reported by CoinGecko data.
RUNE/USD, one-day chart. Source: CoinGecko
The latest correction adds additional pressure to the token’s price action, which is down 72% during the past year.
Related: Kelp DAO exploit prompts DeFi protocols to rethink oracle providers
As a non-custodial cross-chain protocol, THORChain has repeatedly been used by malicious actors to swap stolen funds, though it is not a cryptocurrency mixer like Tornado Cash.
Earlier in April, the attacker behind the $293 million Kelp DAO exploit swapped 75,700 Ether (ETH) through THORChain, generating about $910,000 in revenue for the protocol.
The majority of the $1.4 billion stolen during the Bybit hack, or about $1.2 billion, was also moved through THORChain by hackers, who swapped it from Ether to Bitcoin, as reported by Bybit co-founder and CEO Ben Zhou.
Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.
- Hacks
- Hackers
- THORChain
- DeFi
- Scams
- Scams & Cybercrime
More on the subject
Crypto losses from North Korea hackers in 2025 rose 51% YoY: Report
19 hours ago
Vince Quill
Tether’s T3 Crime Unit says it has frozen $450M in suspected illicit crypto
May 14, 2026
Christina Comben
Kelp DAO eyes reopening withdrawals after rsETH burn
May 13, 2026
Martin Young
Crypto losses from North Korea hackers in 2025 rose 51% YoY: Report
19 hours ago
Vince Quill
Tether’s T3 Crime Unit says it has frozen $450M in suspected illicit crypto
May 14, 2026
Christina Comben
Kelp DAO eyes reopening withdrawals after rsETH burn
May 13, 2026
Martin Young
