THORChain loses $10.8M in hacker attack
Following the incident, the project temporarily halted trading operations and node activity.
15.05.2026 - 13:05
75
2 min
0
Key points:
- THORChain was hit by an exploit with estimated losses of roughly $10.8 million.
- The project temporarily suspended trading and transaction signing operations after the attack.
- RUNE fell about 12% following the breach, while the investigation into the exploit remains ongoing.
Cross-chain liquidity protocol THORChain suffered a hacker attack that resulted in estimated losses of approximately $10.8 million. The exploit affected deployments across four different blockchains.
After detecting the attack, the project team suspended trading operations and transaction signing functions. Blockchain investigator ZachXBT first reported the incident on Telegram.
According to Arkham Intelligence, wallets linked to the suspected attacker currently hold:
- 3,443 ETH worth around $7.77 million,
- 36.85 BTC valued at approximately $2.97 million,
- 96.6 BNB worth about $66,000.
THORChain’s governance module Mimir triggered an emergency network shutdown. Network nodes were temporarily paused for more than 12 hours starting from block 26190429.
Following the news, the RUNE token dropped by roughly 12%.
Cross-Chain Protocols Remain a Prime Target for Hackers
THORChain is a decentralized liquidity network that allows users to swap native assets across different blockchains without relying on centralized intermediaries.
However, cross-chain bridges and liquidity protocols remain among the most vulnerable sectors in DeFi. According to Chainalysis, losses tied to attacks on such services have exceeded $2.8 billion since 2021.
The issue continues to affect the broader crypto industry. In April alone, restaking protocol KelpDAO and decentralized exchange Drift Protocol suffered combined losses of more than $600 million from separate attacks.
THORChain has not yet released a technical post-mortem or disclosed the suspected attack vector behind the exploit.
Useful material?
Telegram 
Twitter Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Incidents
According to Blockaid, the attack may have been carried out by the same hacker behind the 1inch Fusion V1 exploit.
May 7, 2026
Incidents
The attacker gained administrative access and altered contracts to drain user funds
Apr 30, 2026
Incidents
The apps use phishing and malicious installs to steal user funds.
Apr 23, 2026
Cryptocurrency rates
-
Bitcoin
$60 813
BTC
+0.49%
-
Ethereum
$1 561.27
ETH
-1.41%
-
BNB Smart Chain
$579.4
BSC
+1.23%
-
Ripple
$1.1
XRP
+0.1%
-
TRON
$0.160134
TRX
-1.59%
-
Dogecoin
$0.081707
DOGE
+0.53%
-
Stellar XLM
$0.206732
XLM
+11.12%
-
Zcash
$355.28
ZEC
+9.66%
-
Cardano
$0.158538
ADA
+0.62%
-
Polkadot
$3.32
DOT
+5.27%