THORChain’s RUNE Token Plunges Double Digits After $10M Exploit, Trading Halt

The liquidity protocol halted operations after blockchain researchers identified a suspected $10 million breach across multiple networks.

By Decrypt AgentEdited by Stephen GravesMay 15, 2026May 15, 20262 min read

Create an account to save your articles.Add on GoogleAdd Decrypt as your preferred source to see more of our stories on Google.

In brief

THORChain suspended all trading after security researchers flagged a suspected multi-chain exploit allegedly affecting Bitcoin, Ethereum, BNB Smart Chain, and Base networks.
Blockchain researcher ZachXBT and security firm PeckShield identified two suspected theft addresses linked to alleged losses exceeding $10 million.
The protocol halted operations while investigating the potential security breach.

THORChain halted trading operations Friday morning after blockchain security researchers identified a suspected exploit allegedly affecting more than $10 million across multiple blockchain networks.

Blockchain researcher ZachXBT and security firm PeckShield traced the suspected breach to two main addresses—one on Bitcoin and another on EVM-compatible chains including Ethereum, BNB Smart Chain, and Base. The researchers' analysis prompted THORChain's immediate defensive response.

#PeckShieldAlert @THORChain has been exploited for ~$10M worth of crypto, including 36.75 $BTC ($3M) and ~$7M worth of assets from #BNBChain, #Ethereum, and #Base.

The stolen funds mainly sit in:
bc1ql4u94klk265lnfur2ujk9p6uh52f2a8jhf6f37… pic.twitter.com/mhWIWueVPK

— PeckShieldAlert (@PeckShieldAlert) May 15, 2026

The protocol's team has not yet released technical details about the nature of the alleged vulnerability or confirmed the researchers' loss estimates. THORChain's native token RUNE is down 10% on the day to trade at $0.5229, per CoinGecko data.

The suspected exploit occurred during a period of elevated activity on THORChain. The protocol processed $394 million in daily volume when hackers allegedly used it to move stolen funds from the KelpDAO breach between Ethereum and Bitcoin networks.

The protocol suspended its ThorFi lending operations in January 2025 amid insolvency allegations, implementing a 90-day restructuring to address $200 million in defaulted obligations.

Last September, THORSwap issued a bounty after hackers drained $1.2 million from THORChain founder John-Paul Thorbjornsen's personal wallet, with ZachXBT later attributing the attack to North Korean hackers.

Cross-chain protocols continue facing sophisticated attacks as hackers exploit complex bridging mechanisms. DeFi platform TrustedVolumes lost $6.7 million earlier this month, while North Korean hackers stole $2.1 billion in cryptocurrency during 2025, representing 60% of all crypto theft losses, according to security firm CertiK.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.

This article was originally published on Decrypt and is republished here under RSS syndication for informational purposes. All rights and intellectual property remain with the original author. If you are the author and wish to have this article removed, please contact us at [email protected].