Decentralized cross-chain liquidity protocol THORChain was exploited on Friday, resulting in losses of approximately $10 million across four blockchains. The incident prompted the protocol to pause all trading and signing operations, with the THORChain Mimir governance module activating trading halt and signing halt parameters for about 12 hours and 42 minutes.
Blockchain security firms Cyvers Alert and PeckShieldAlert reported that the attacker drained funds from Bitcoin, Ethereum, BNB Chain, and Base networks. The stolen assets included USDT, USDC, WBTC, DAI, THOR, LUSD, XRUNE, GUSD, AAVE, LINK, FOX, and others. All looted tokens were rapidly converted to Ethereum (ETH) and consolidated into a single address.
On-chain investigator ZachXBT noted the attacker's wallets across Bitcoin, Ethereum, and BSC currently hold 3,443 ETH ($7.77 million), 36.85 BTC ($2.97 million), and 96.6 BNB ($66,000), according to Arkham Intelligence. The combined haul amounts to roughly $10.8 million.
Following the news, the protocol's native token RUNE dropped 12%. The exploit adds to a troubling trend of cross-chain bridge breaches, which have collectively resulted in over $2.8 billion in thefts since 2021, per Chainalysis. A detailed post-mortem identifying the precise attack vector has not yet been released by the THORChain team.
