THORChain, a cross-chain liquidity protocol, has become the latest victim of a hack, as hackers stole approximately $10 million in crypto from its DEX interface.
On-chain data show that the bad actors have siphoned the stolen loot across supported chains, including Bitcoin, Ethereum, BNB Chain, and Base.
On-Chain Verification of THORChain Security Breach
The exploit was first flagged by on-chain sleuth ZachXBT through his Telegram community. An initial notice indicated that the cross-chain protocol was likely exploited for $7.4 million. However, the losses have now totaled $10.7 million.
A closer look at the wallets shows exactly how the stolen funds were transported. Here are the wallet addresses owned by the attacker:
Exploiter’s address 1:
0x82fc0d5150f3548027e971ec04c065f3c93154eb
Exploiter’s address 2:
bc1ql4u94klk265lnfur2ujk9p6uh52f2a8jhf6f37
Exploiter’s address 3:
0xd477b69551f49C0519F9B18c55030676138890Bd
The bad actor stole 36.75 BTC (worth approx. $3 million) and $7.7 million in crypto across BNB Chain, Base, and Ethereum.
Another Week, Another Hack
Two hours into the attack, THORChain halted trading operations on its DEX.
The project team acknowledged the breach more than five hours after it occurred. The announcement noted that one of THORChain’s Asgard vaults, which holds cross-chain assets such as BTC and ETH via validator nodes, was the only vault compromised.
Validator nodes securing the affected vault had their bonded RUNE tokens slashed during the incidents.
THORChain noted that users’ funds were unaffected in this exploit. Rather, “only protocol owned funds are affected.”
At the time of writing, the project has yet to recover the stolen funds.
Important Announcement
Trading on THORChain is currently halted after a vault was compromised. Initial indications are user funds are safe and only protocol owned funds are affected.
The network automatically detected abnormal behavior and halted signing activity, which alerted…
— THORChain (@THORChain) May 15, 2026
Meanwhile, THORChain’s RUNE token has dropped by over 11% to $0.512 at press time.
Sadly, this would be the third time THORChain has been hacked. The first two incidents occurred in July 2021. At the time, approximately $5 million and $8 million were siphoned from the protocol in separate attacks. The first hacker exploited a vulnerability in the protocol’s ETH router.
Only a week later, the second hacker, a white-hat hacker, attacked the project’s cross-chain bridge, the Bifrost Protocol. The white-hat hacker returned the funds in exchange for 10% bounty. They also urged the THORChain team to ensure their code undergoes proper security audits rather than launching it quickly, especially after losing $5 million a week earlier.
The latest exploit adds to the long list of DeFi hacks. Recall that last month, Drift Protocol and KelpDAO made headlines after losing $285 million+ and $292 million, respectively.
Ephraim Emmanuel | May 15, 2026
Jonathan Agozie | May 14, 2026
