Table of Contents
ToggleCross- chain liquidity protocol THORChain was attacked simultaneously across multiple chains on Friday (May 15). On-chain detective ZachXBT and security firm PeckShield detected suspicious fund movements on four chains—Bitcoin, Ethereum, BNB Chain, and Base—almost simultaneously, estimating the loss at approximately $10.8 million.
The THORChain team subsequently suspended all transactions and signature operations, and the native token RUNE plummeted by about 12% after the news broke.
According to on-chain tracking, the wallet associated with the attacker currently holds approximately 3,443 ETH, 36.85 BTC, and 96.6 BNB. The simultaneous compromise across four chains indicates that the attacker targeted not a single chain's contract vulnerability, but rather a common weakness in THORChain's cross-chain routing layer.
At least the third major safety incident
This is not the first time THORChain has been attacked. In July 2021, THORChain suffered two attacks within a week, resulting in losses of approximately $5 million and $8 million respectively. The attackers in the second attack even claimed in the transaction's accompanying message that it was to "teach the team a lesson." Including this incident, THORChain has experienced at least three major security incidents in recent years.
As of press time, THORChain has not released a post-mortem report, and the attack vector is still under investigation. For a protocol that manages multi-chain liquidity pools, each outage means a disruption of the cross-chain exchange pipeline, directly impacting aggregators and front-ends that rely on its routing.
More than 2.8 billion magnesium has been stolen from cross-chain bridges.
Cross-chain bridges and liquidity protocols have consistently been a major target for DeFi security breaches. Since 2021, these protocols have suffered over $2.8 billion in losses, ranging from $625 million with Ronin Bridge to $320 million with Wormhole, repeatedly making cross-chain infrastructure a prime target for attackers. The reason is easy to understand: cross-chain protocols must maintain state consistency across multiple chains simultaneously, inherently resulting in a much larger attack surface compared to single-chain contracts.
Four chains, emptied out in one go, ten million US dollars. THORChain's trading halt has stopped the bleeding, but until the post-mortem emerges, the market won't know how deep the wound is, nor whether there will be another cut.
Frequently Asked Questions
How much did THORChain lose in this hack?
The attack, valued at approximately $10.8 million, spanned four blockchains: Bitcoin, Ethereum, BNB Chain, and Base. The attacker's wallet currently holds approximately 3,443 ETH, 36.85 BTC, and 96.6 BNB, and the protocols have urgently suspended all transactions.
Has THORChain experienced any safety incidents before?
Yes. In July 2021, THORChain suffered two attacks within a week, resulting in losses of approximately $5 million and $8 million respectively. Including this incident, there have been at least three major security incidents in recent years, with over $2.8 billion stolen from cross-chain bridges since 2021.
Related reports
DeFi Becomes a Hacker's Backyard? 13 Attacks in One Month, $630 Million Lost
