THORChain pulled the plug on trading this week after a multi-chain exploit drained roughly $10 million in crypto. The decentralized liquidity protocol shut down swaps and withdrawals across several networks shortly after blockchain sleuth ZachXBT flagged suspicious activity. The token behind the project, RUNE, lost 13% of its value within hours of the halt.
The exploit
ZachXBT — a well-known on-chain investigator — first called attention to the attack. Details remain scarce, but the breach appears to have hit multiple chains simultaneously, exploiting a vulnerability in THORChain's cross-chain infrastructure. The team hasn't released a full post-mortem yet, but they confirmed the pause was necessary to prevent further losses. Investigators are now tracing the stolen funds and trying to identify how the attacker gained access.
Market reaction
RUNE got hit hard. The token fell about 13% after trading resumed on some pairs, though the broader market was relatively stable. The drop reflects the uncertainty around how long the pause will last and whether users will get their funds back. THORChain has seen exploits before — this isn't the first time a vulnerability has forced a shutdown — but the $10 million figure makes this one of the larger incidents for the protocol.
What users experienced
Anyone trying to swap or withdraw assets through THORChain's interface found the service offline. The pause affected the protocol's native chain as well as the bridges to Bitcoin, Ethereum, and other networks. Users on social media reported stuck transactions and confusion about whether their funds were safe. The team has not yet announced a timeline for reopening trading or processing pending withdrawals.
The immediate priority is a security patch and a full audit of the exploited code. THORChain's developers are working with external security firms to review the vulnerability. The stolen $10 million — if not recovered — will add to the tally of cross-chain bridge hacks that have plagued DeFi over the past couple of years. For now, the protocol remains in limbo. The next update from the team will likely clarify how they plan to resume operations and whether any user funds are at risk.
