THORChain confirmed a $10 million exploit this week and quickly launched a recovery portal that lets affected users revoke malicious approvals and claim refunds. The portal covers four blockchain networks, though the team hasn't named which ones — or detailed how the attacker drained the funds.
What the portal does
The recovery site is live now. Users who interacted with THORChain during the exploit window can connect their wallets, revoke any approvals the attacker abused, and submit a refund claim. The team says refunds will be processed on-chain, but hasn't given a timeline for payouts.
Cross-chain liquidity protocols are a favorite target because a single exploit can cascade across multiple networks. THORChain's decentralized model means there's no central treasury to freeze — so the recovery portal is the main way to limit damage. The $10 million figure is modest by crypto standards, but the speed of the response matters more for user trust.
What we don't know yet
THORChain hasn't published a post-mortem or named the specific vulnerability. The four blockchains listed on the portal suggest the exploit touched a range of assets. Without a detailed breakdown, other projects using similar cross-chain infrastructure are left guessing whether they're exposed to the same bug.
Next steps
The THORChain development team says it will release a full incident report after the recovery window closes. No deadline for that report has been set. For now, users who were active on THORChain in the past week should check the portal — even if they don't think they lost funds, a lingering approval could still be dangerous.
