THORChain | Crypto

THORChain’s suspected multichain exploit and emergency halt on May 15 has turned into another DeFi security incident, and another test of cross-chain trust. Emergency controls moved through chain-specific halts, Halt All Trading, Halt Signing, Halt Chain Global, Halt Churning, and repeated global node-pause updates. One public alert described the likely exploit affecting Bitcoin, Ethereum, BSC, and Base, […] The post THORChain exploit turns emergency chain halt into a DeFi trust test appeared first on CryptoSlate.

THORChain has launched a recovery portal following a $10 million exploit, allowing affected users across four chains to revoke malicious approvals and claim refunds. THORChain has confirmed a $10 million exploit and launched a recovery portal, giving affected users a self-custodial path to revoke malicious token approvals and submit refund claims backed by a treasury-provisioned refund pool of equal size. In a Saturday post on X, THORChain Foundation introduced the recovery portal, saying that “affected users are now able to check what they will be paid as compensation following the exploit.” The portal, citing a PeckShield post-mortem, claims that the attack was detected at 02:14 UTC on May 11, when node operators flagged anomalous outbound transactions. Trading and outbound signing were paused within eight minutes. In total, attackers drained 36.75 BTC, worth around $3 million, and approximately $7 million in tokens across BNB Chain, Ethereum and Base, hitting 12,847 wallets across four chains. Read more

THORChain paused trading after ZachXBT flagged a suspected $10 million exploit spanning Bitcoin, Ethereum, BNB Chain and Base. Decentralized liquidity protocol THORChain halted trading after blockchain investigator ZachXBT flagged a suspected exploit of more than $10 million. A THORChain alerts Telegram channel showed all trading and signing halted, with a global node pause extended until block 26191149, or roughly 12 hours and 42 minutes. The halt came shortly after ZachXBT said the protocol had likely been exploited across Bitcoin, Ethereum, BNB Chain and Base. A wallet labeled by Arkham as the THORChain exploiter showed $10.8 million in holdings, transferred across several smaller transactions in the 30 minutes before 10:11 am UTC. Read more

The wallet linked to the Kelp DAO exploit appears to have laundered most of the $175 million worth of stolen Ether, while another $71 million remains frozen by Arbitrum’s security council. The exploiter behind the roughly $293 million Kelp DAO hack appears to have laundered nearly all of the unfrozen Ether stolen in the attack, narrowing recovery efforts to the tranche Arbitrum’s security council managed to freeze. The Kelp Dao hacker appears to have laundered nearly all of the 75,700 Ether (ETH) stolen from the protocol on Saturday. The hacker primarily used the THORChain to swap the Ether for Bitcoin (BTC), generating about $910,000 in fee revenue for the protocol, according to blockchain analyst EmberCN in a Thursday X post. The attacker began moving the funds on Tuesday, sending roughly 75,700 ETH, worth about $175 million at the time, into newly created wallets before routing the assets through THORChain and privacy protocol Umbra. Arkham data showed the attacker’s tagged main wallet had been largely emp...

THORChain’s first quarter of 2025 was defined by volatility, volume, and a pivotal reset. While RUNE’s price fell sharply and DeFi TVL contracted, protocol usage surged during market-wide dislocations, including a record $1.05 billion in single-day volume tied to the Bybit exploit. At the same time, THORChain initiated its most significant internal reform to date, passing Proposal 6 to unwind THORFi liabilities without inflating RUNE supply. Amid uncertainty, affiliate volume hit an all-time high, native deposits grew, and the protocol doubled down on its core mission: powering cross-chain swaps at scale.