THORChain Hit by $10 Million Exploit

THORChain, a decentralized cross-chain liquidity protocol, has suffered a significant security breach that resulted in the loss of $10 million. The incident occurred on May 11, 2026, and affected 12,847 wallets across multiple chains, including Bitcoin (BTC), Ethereum (ETH), BNB Chain, and Base.

The attack was made possible by a vulnerability in THORChain's GG20 threshold signature scheme (TSS). This flaw allowed an attacker to gradually leak sensitive vault key data, enabling unauthorized transactions. The attacker drained 36.75 BTC ($3 million) and an additional $7 million in tokens across other chains before trading and outbound signing were paused.

A recovery portal has been launched by THORChain to allow affected users to check their compensation and submit refund claims. The treasury-backed refund pool will cover losses until June 4, after which any unclaimed funds will be rolled over to the protocol's insurance fund. THORChain is working with law enforcement agencies and on-chain analytics firm Outrider Analytics to pursue the attacker and recover stolen assets.

The incident has added downward pressure on THORChain's native token, RUNE, which dropped 11-13% during the attack. The broader market has also been affected, with crypto hacks surging in 2026, including high-profile incidents like KelpDAO's $293 million exploit and Drift Protocol's $280 million breach.