THORChain Exploited for $10M Across Multiple Blockchains

THORChain suffers a $10 million multi-chain exploit affecting BTC, ETH, and BSC. RUNE price drops 11% as the protocol triggers an emergency halt.

The recent security breach has triggered a fresh wave of concern regarding DeFi infrastructure and the role of THORChain as a vital liquidity bridge between different ecosystems.

Multi-Chain Exploit Hits Bitcoin and EVM Assets

Initial data suggests the attack targeted several blockchain networks simultaneously, including Bitcoin (BTC), Ethereum (ETH), BNB Smart Chain (BSC), and Base. Security researchers, including ZachXBT and PeckShield, were the first to flag unusual transactions and the draining of funds from addresses linked to THORChain.

Early estimates placed the losses at approximately $7.4 million, but subsequent on-chain analysis reveals the total amount of compromised assets now exceeds $10 million. Reports indicate that roughly 36.8 BTC—valued at nearly $3 million—was siphoned off, while the remaining funds consisted of EVM-based assets such as ETH and various tokens on BNB Smart Chain and Base.

In response, THORChain activated a global “emergency halt,” suspending all operations and trading to prevent further liquidity drainage. The market reacted swiftly, with the RUNE token losing roughly 11% of its value, dropping to approximately $0.52.

Analysts believe the attack likely targeted the protocol’s “Asgard vaults”—the core infrastructure for liquidity storage—alongside its cross-chain components.

Renewed Pressure on DeFi Security and Infrastructure

This incident occurs as THORChain was already facing intensified regulatory and market pressure. In recent months, the protocol has been frequently cited in investigations involving large-scale crypto hacks, including the attack on Kelp DAO that resulted in a $292 million loss earlier this April.

Cybersecurity firms are now working to determine if the breach stemmed from a direct vulnerability in the THORChain code or a more sophisticated manipulation of liquidity pool infrastructure. Experts point out that cross-chain protocols remain among the most vulnerable segments of the DeFi ecosystem because they integrate multiple blockchain environments and complex mechanisms.

Security companies are already tracking the primary addresses associated with the theft. A portion of the funds currently sits in a Bitcoin wallet address, while the remaining assets were moved to an EVM-based address that continues to be monitored in real-time by on-chain analysts.

The market’s reaction underscores how sensitive investors remain toward security flaws in decentralized protocols. Although THORChain is one of the largest cross-chain liquidity hubs in the crypto sector, this event will likely intensify the debate over the need for more robust protection mechanisms and aggressive infrastructure audits.

As of now, the THORChain team has not released an official post-mortem report as the investigation continues. Investors and market participants are awaiting clarity on how the attackers bypassed the protocol’s defensive layers and whether further risks persist once trading eventually resumes.