Thorchain halted all trading and signing on Friday after a cross-chain exploit drained roughly $10.8 million across Bitcoin, Ethereum, BSC, and Base. The attacker hit multiple bridges, and the protocol's native token RUNE dropped 12% on the news.
How the exploit worked
The attacker managed to pull funds from four networks in a single cross-chain attack. Thorchain’s architecture — which lets users swap assets across blockchains without wrapping tokens — relies on liquidity pools and signing nodes. The exploit appears to have targeted a flaw in that signing logic, though the team hasn't released a post-mortem yet.
Losses broke down across Bitcoin, Ethereum, BSC, and Base. Roughly $10.8 million total. Not a catastrophic sum by DeFi standards, but the timing isn't great — cross-chain bridges have been under intense scrutiny since last year's string of high-profile hacks.
RUNE takes a hit
RUNE, Thorchain's native asset, fell about 12% in the hours after the halt was announced. The token had been trading in a relatively tight range over the past month, so the drop stands out. Some of that selling is likely panic from users who couldn't withdraw or swap during the pause.
It's unclear whether any of the stolen funds belong to RUNE liquidity providers directly, or if the protocol's treasury will cover losses. Thorchain has a built-in insurance fund, but its size and whether it applies here haven't been disclosed.
What happens now
Thorchain's team has confirmed the halt is in place and that they're investigating. No timeline has been given for a fix or for resuming trading. Users who had pending transactions are stuck until the protocol reopens.
This isn't the first time Thorchain has faced an exploit — the protocol suffered a $8 million attack in 2024 — but the cross-chain vector here is a reminder that the complexity of multi-chain swaps creates surface area attackers are eager to probe. For now, the network is dark, and the community waits for answers.
