CoinDesk
Thorchain halted all trading and signing on Friday after an attacker drained roughly $10.8 million from the cross-chain liquidity protocol across Bitcoin, Ethereum, BSC, and Base, per on-chain investigator ZachXBT. The protocol's Mimir governance module flipped trading-halt and signing-halt parameters to active, with a node pause running for about 12 hours and 42 minutes from block 26190429.
Wallets linked to the attacker currently hold 3,443 ETH (~$7.77M), 36.85 BTC (~$2.97M), and 96.6 BNB (~$66,000) per Arkham Intelligence. RUNE, Thorchain's native token, fell roughly 12% on the news.
Why it matters
Thorchain operates as a decentralized cross-chain liquidity network, letting users swap native assets across chains without wrapping or routing through a centralized intermediary — the architecture that makes it useful is exactly what attackers keep probing. Cross-chain bridges and liquidity protocols have absorbed more than $2.8 billion in cumulative theft since 2021 per Chainalysis, making them the single most exploited category in DeFi.
The protocol has not yet released a post-mortem identifying the specific attack vector, which is the part the rest of the cross-chain sector will be reading closely. A clean write-up with a patched contract path is recoverable; silence from a halted protocol is what erodes the trust premium cross-chain venues trade on.
Market impact
RUNE's 12% drop is the immediate market read, but the deeper test is whether the pause resolves cleanly without a treasury backstop or a token-holder vote. Comparable cross-chain incidents over the past two years have triggered multi-week liquidity migration to competitors while bridges re-audited and re-deployed. The attacker's wallet stack — heavy in ETH and BTC, light in BNB — also tells the route the drain took, even before a post-mortem lands.
Frequently asked questions
-
How much was stolen in the Thorchain exploit?
Roughly $10.8 million was drained across Bitcoin, Ethereum, BSC, and Base, per on-chain investigator ZachXBT. Wallets tied to the attacker hold about 3,443 ETH, 36.85 BTC, and 96.6 BNB per Arkham Intelligence.
-
Has Thorchain explained how the exploit happened?
No. The protocol has paused trading and signing via its Mimir governance module but has not published a post-mortem identifying the attack vector.
-
How did RUNE react to the news?
RUNE, Thorchain's native token, dropped roughly 12% following the disclosure of the exploit and the trading halt.
-
Why are cross-chain bridges such a frequent target?
Cross-chain bridges and liquidity protocols hold large pools of native assets across multiple chains, making them high-value targets. Chainalysis puts cumulative bridge-related theft since 2021 at more than $2.8 billion.
-
Is Thorchain trading still halted?
Trading and signing were paused on Friday with a node pause of about 12 hours and 42 minutes starting at block 26190429. Whether the halt has since been lifted depends on a post-mortem and a governance decision that has not yet been published.
Crypto News
WuBlockchain
TheBlock