Share this article
Thorchain halts trading after $10 million cross-chain exploit, RUNE token drops 12%
The cross-chain liquidity protocol paused all trading and signing on Friday after an attacker drained roughly $10.8 million across Bitcoin, Ethereum, BSC, and Base.
Updated May 15, 2026, 10:33 a.m. Published May 15, 2026, 10:21 a.m. 1 min read
What to know:
- Thorchain was exploited for about $10.8 million across four blockchains on Friday, prompting the protocol to halt all trading and signing operations.
- Wallets linked to the attacker currently hold roughly 3,443 ETH, 36.85 BTC and 96.6 BNB, while Thorchain’s RUNE token fell about 12 percent following the news.
- Thorchain has not yet released a post-mortem explaining the attack vector, underscoring ongoing security risks for cross-chain bridges and liquidity protocols, which have suffered more than $2.8 billion in thefts since 2021.
Decentralized cross-chain liquidity protocol THORChain was exploited for roughly $10.8 million on Friday, with the attack affecting deployments across four different blockchains.
In response, the protocol paused all trading and signing operations, according to on-chain investigator ZachXBT on Telegram.
The attacker's wallets, identified across Bitcoin, Ethereum and BSC, currently hold 3,443 ETH worth $7.77 million, 36.85 BTC worth $2.97 million, and 96.6 BNB worth $66,000, per Arkham Intelligence.
Thorchain's Mimir governance module flipped trading halt and signing halt parameters to active, with a node pause running for approximately 12 hours and 42 minutes from block 26190429.
RUNE, the protocol's native token, dropped 12% on the news.
Thorchain operates as a decentralized cross-chain liquidity network, letting users swap native assets across different blockchains without wrapping or bridging through a centralized intermediary.
Crypto exploits have remained a persistent feature of the industry. In April alone, decentralized perpetual exchange Drift Protocol and liquid restaking protocol KelpDAO together accounted for over $600 million in losses.
Cross-chain bridges and liquidity protocols have historically been the most exploited category in DeFi, with over $2.8 billion in cumulative bridge-related theft since 2021 per Chainalysis.
The protocol has not yet published a post-mortem identifying the specific attack vector.
More For You
Also: Citi on quantum computing and bitcoin, Jump Crypto’s Firedancer, and Vitalik Buterin on AI verification
What to know:
Welcome to The Protocol, CoinDesk's weekly wrap of the most important stories in cryptocurrency tech development. I’m Margaux Nijkerk, a reporter at CoinDesk.
In this issue:
- ‘What's happening at the EF?’ Ethereum community is looking for answers after high-profile departures
- Bitcoin faces outsized quantum threat as computing breakthroughs accelerate, Citi...
