THORChain paused trading after ZachXBT flagged a suspected $10 million exploit affecting Bitcoin, Ethereum, BNB Chain, and Base.
Decentralized liquidity protocol THORChain halted trading after blockchain investigator ZachXBT identified a suspected exploit involving more than $10 million.
A THORChain alerts Telegram channel showed that all trading and signing activity had been halted, with a global node pause extended until block 26191149, or approximately 12 hours and 42 minutes. The suspension came shortly after ZachXBT stated that the protocol was likely exploited across Bitcoin, Ethereum, BNB Chain, and Base.
A wallet identified by Arkham as the THORChain exploiter was shown to hold $10.8 million in assets, with funds transferred through several smaller transactions during the 30 minutes leading up to 10:11 am UTC.
The suspected exploit has added to growing security concerns surrounding decentralized finance (DeFi) protocols, after more than $634 million was stolen by hackers during April. According to data from DefiLlama, the figure marked the highest monthly total since February 2025, when losses reached $1.46 billion following the record-breaking $1.4 billion hack on Bybit.
The protocol had not publicly confirmed the suspected exploit at the time of publication, although suspicious activity was flagged by ZachXBT and PeckShield, while THORChain alerts indicated that trading and signing activity had been halted.
RUNE Drops 13% Following Suspected THORChain Exploit
RUNE, the native token of THORChain, fell around 13% following the suspected exploit and was trading near $0.51 at the time of writing, according to data from CoinGecko.
The latest correction has added further pressure to the token’s price performance, with the asset remaining down 72% over the past year.
As a non-custodial cross-chain protocol, THORChain has repeatedly been used by malicious actors to swap stolen funds, although it does not operate as a cryptocurrency mixer like Tornado Cash.
Earlier in April, the attacker behind the $293 million Kelp DAO exploit swapped 75,700 Ether (ETH) through THORChain, generating roughly $910,000 in revenue for the protocol.
The majority of the $1.4 billion stolen during the Bybit hack — approximately $1.2 billion — was reportedly moved through THORChain by hackers, who converted the funds from Ether to Bitcoin, according to Bybit co-founder and CEO Ben Zhou.
