$10M Gone: Thorchain Exploit Triggers Security Fears Across DeFi

bitcoinistPublicado a 2026-05-17Actualizado a 2026-05-17

Resumen

Blockchain tracker Arkham Intelligence has identified wallets linked to a THORChain exploit, holding approximately $3 million in Bitcoin and 216 ETH. On-chain investigator ZachXBT first reported the suspicious activity, estimating total losses now exceed $10 million. The attackers moved assets like USDT, USDC, and wrapped Bitcoin across multiple chains before converting to ETH. The cross-chain trading protocol was hit simultaneously on Bitcoin, Ethereum, BNB Chain, and Base. Security firm PeckShield confirmed the breach. Following the news, THORChain's native token RUNE dropped nearly 14%. The project's team had not issued a public statement at the time of reporting, increasing market anxiety. This incident highlights the recurring vulnerability of cross-chain infrastructure in DeFi, where complex code can create significant security risks. The stolen funds remain in the identified wallets for now.

Blockchain tracking firm Arkham Intelligence has labeled a set of suspicious wallets as “THORChain Exploiter” addresses, with one Bitcoin-linked wallet holding close to 36.85 BTC — worth roughly $3 million — and a separate Ethereum wallet carrying around 216 ETH. The funds are sitting there, visible on-chain, linked to two addresses that security researchers have already flagged publicly.

Who Found It First

The person who spotted the attack before anyone else did was on-chain investigator ZachXBT. He reported suspicious movement tied to THORChain’s router infrastructure, describing how attackers shifted roughly $7.2 million in assets — including USDT, USDC, and wrapped Bitcoin — across several blockchains before converting them into ETH.

His initial estimate of losses above $7.4 million was later revised upward. The total stolen, according to ZachXBT, may now exceed $10 million.

THORChain is a cross-chain trading protocol that lets users swap crypto assets across different blockchains without relying on a centralized exchange. That design also means its infrastructure touches multiple networks at once — and in this case, that became a vulnerability. The attack hit Bitcoin, Ethereum, BNB Chain, and Base simultaneously.

Security firm PeckShield independently confirmed the breach. Based on their estimates, attackers walked away with around 36.75 BTC worth close to $3 million, along with roughly $7 million more pulled from the Ethereum, BNB Chain, and Base ecosystems.

BTCUSD now trading at $77,926. Chart: TradingView

Markets React, Team Goes Quiet

RUNE, THORChain’s native token, dropped close to 14% in the hours following news of the breach, sliding toward the $0.50 mark as traders moved to cut their exposure. The price drop was fast. The official response was not.

As of reporting, THORChain had not issued a public statement explaining the scope of the exploit or what steps were being taken to address it.

That silence has added to the anxiety in the market. The protocol survived earlier security incidents by tapping into treasury reserves and recovery mechanisms, but without clarity from the team, it is difficult to know whether a similar path is possible this time.

A Pattern That Keeps Repeating

Cross-chain infrastructure has repeatedly been the site of major losses in decentralized finance. Bridges and routing systems that connect different blockchains require complex code — and complex code creates more opportunities for something to go wrong. The THORChain attack fits that pattern.

The stolen assets remain in the flagged wallets for now. Whether they stay there is another question.

Featured image from Unsplash, chart from TradingView

Preguntas relacionadas

QHow much was stolen in the THORChain exploit according to the latest estimate by on-chain investigator ZachXBT?

AAccording to the latest estimate by on-chain investigator ZachXBT, the total stolen amount may exceed $10 million.

QWhich specific blockchains were impacted by the THORChain exploit mentioned in the article?

AThe attack impacted Bitcoin, Ethereum, BNB Chain, and Base simultaneously.

QWhat happened to the price of THORChain's native token (RUNE) following news of the security breach?

AFollowing news of the breach, THORChain's native token (RUNE) dropped close to 14%, sliding toward the $0.50 mark.

QAccording to the article, why is cross-chain infrastructure like THORChain's particularly vulnerable to attacks?

ACross-chain infrastructure is particularly vulnerable because bridges and routing systems require complex code, and complex code creates more opportunities for something to go wrong.

QWhat action had the THORChain team taken regarding the exploit at the time of the article's reporting?

AAt the time of the article's reporting, THORChain had not issued a public statement explaining the scope of the exploit or what steps were being taken to address it.

Lecturas Relacionadas

Supply Chain, Energy, and Bloc Formation: Untangling the Core Threads of 2026 AI Investment

The core thesis for 2026 investment is a shift from traditional growth-inflation analysis towards a geopolitical framework of strategic blocs, supply chain reconfiguration, and capital expenditure (capex) direction. The US is moving from a global guarantor role towards a more bounded "camp system," reshaping trade, security, and technology flows. Key investment themes emerge from this realignment: production-capable US-aligned economies (e.g., Japan, South Korea), regional security focusing on Latin America, and the hard constraint of energy/grid capacity enabling reshoring. Europe's strength lies not in macro growth but in its high-quality "pick-and-shovel" industrial, electrical, and automation exporters serving the global capex cycle. AI remains the central US-China strategic battleground, driving massive investment in compute, power, and manufacturing stacks, with robotics gaining prominence. The investment implication is a rotation away from crowded US mega-cap tech momentum toward global beneficiaries of this restructuring: electrification equipment, industrial automation, energy storage, grid infrastructure, and select non-US markets. 2026 will be defined by investment intensity driven by geopolitical repositioning, not near-term commercial maturity.

marsbitHace 34 min(s)

Supply Chain, Energy, and Bloc Formation: Untangling the Core Threads of 2026 AI Investment

marsbitHace 34 min(s)

Appeals Court Rejects Sam Bankman-Fried Bid For New FTX Trial

A federal appeals court has rejected Sam Bankman-Fried's bid for a new trial, upholding his convictions in the FTX fraud case. The Second Circuit Court of Appeals denied defense claims of an unfair trial, sharply narrowing his legal options. His team could still petition the US Supreme Court. The ruling reinforces the legal precedent from one of crypto's most consequential cases, keeping focus on FTX's collapse, customer losses, and ongoing bankruptcy proceedings. For the market, the decision underscores the lasting impact of FTX on regulatory debates concerning exchange oversight, custody rules, and asset segregation as the industry works to rebuild trust.

bitcoinistHace 39 min(s)

Appeals Court Rejects Sam Bankman-Fried Bid For New FTX Trial

bitcoinistHace 39 min(s)

Apple Also Has to Pay Rent Now

Apple Pays Rent Too: The Two-Way Flow of "Traffic Tax" and "AI Capability Rent" Between Tech Giants For over two decades, Google has paid Apple an estimated $20 billion annually to remain the default search engine on Safari, a "traffic tax" for a critical user entry point. However, in 2026, the direction of this cash flow partially reversed. Apple agreed to pay Google roughly $1 billion per year to license its Gemini AI models, as Apple's own models reportedly struggled with complex tasks. This creates a unique dynamic: Apple acts as the "landlord" in the established search ecosystem, collecting rent from Google for access. Simultaneously, in the emerging AI arena, Apple becomes the "tenant," paying Google for access to cutting-edge AI capabilities it cannot currently match internally. While Apple claims its new models are "distilled" from Gemini outputs and contain "not a drop" of Google's original code, core dependencies remain. Its knowledge base is refined using Gemini's outputs, and its most powerful cloud model runs on Google's infrastructure. Apple has structured the deal as non-exclusive, allowing it to theoretically switch AI suppliers—a hedge against over-reliance. The future hinges on whether advanced AI models become a commodity (cheap and abundant) or remain a concentrated, scarce resource (expensive and controlled by few). Apple is betting on the former, leveraging its massive device ecosystem to be a powerful, choosy customer. If the latter proves true, its bargaining power could erode. This power dynamic is extending to developers. Apple, Google, and WeChat are all pushing for apps to expose their core functions as standardized "actions" or "intents" that their respective AI assistants (Siri, Gemini, WeChat AI) can directly call. The new scarce resource is no longer just app store visibility, but "being selected by the AI." The currency of "rent" has changed from a 30% revenue share to ceding control over how users interact with an app's functions.

marsbitHace 1 hora(s)

Apple Also Has to Pay Rent Now

marsbitHace 1 hora(s)

Missed the SpaceX IPO? WEEX's "First Trade Protection" Lets You Experience US Stock Trading Risk-Free.

With the excitement around SpaceX's recent public listing reigniting interest in the US stock market, Chinese investors face significant challenges accessing compliant and convenient trading channels following regulatory actions against major online brokers. This article explores the available options, highlighting their risks and limitations. Traditional paths for US stock investments remain problematic. Qualified Domestic Institutional Investor (QDII) and Listed Open-Ended Fund (LOF) products, while compliant, suffer from high fees, significant purchase premiums, and a very limited selection of assets. Small, unregulated offshore brokers pose substantial risks, including potential insolvency. While secure, VIP accounts at banks in Hong Kong or Singapore require high minimum deposits (often 1-2 million RMB) and in-person visits, placing them out of reach for most retail investors. The article positions cryptocurrency exchanges, specifically their TradFi (traditional finance on-chain) offerings, as a compelling alternative. Platforms like WEEX are noted for providing access to a wide range of US stocks and ETFs, including SpaceX (SPCXON), through tokenized assets. This method offers advantages such as a single account for both crypto and traditional assets, USDT-based settlement avoiding fiat complexities, flexible leverage, and robust risk management. To attract users, WEEX is promoting a "First Trade Guarantee" campaign. Running from June 15 to July 8 (UTC+8), it features a $30,000 prize pool. Users who trade $500 worth of US stock contracts can qualify for a guarantee on their first eligible trade: 100% loss coverage up to $30 or a 20% bonus on profits up to $30. The campaign is presented as a low-risk opportunity for both crypto natives and traditional investors to experience US stock trading.

marsbitHace 1 hora(s)

Missed the SpaceX IPO? WEEX's "First Trade Protection" Lets You Experience US Stock Trading Risk-Free.

marsbitHace 1 hora(s)

How Difficult is Chip Making? A Division Error Costs 475 Million Dollars

How Hard Is It to Make a Chip? A Division Error Cost $475 Million Chip expert Shi Kan, a researcher at the Chinese Academy of Sciences and a popular tech creator, explains the immense challenges of chip development. Chips are foundational to modern technology, but their creation is extraordinarily difficult. The journey from sand to a functional chip involves complex design and manufacturing, but a critical bottleneck is verification—ensuring the design works flawlessly before costly production. A single, undetected bug can have catastrophic consequences, as illustrated by the infamous 1994 Intel Pentium FDIV bug. A flaw in the floating-point division unit forced a recall costing $475 million. Unlike software, chips cannot be easily patched after manufacture, making "first-time success" paramount. However, industry surveys show only 24% of chip projects achieve this; over three-quarters require at least one costly re-spin due to design flaws. Verification has thus become the dominant phase, consuming up to 70% of the design cycle. The core challenge is a "verification impossible triangle" between high performance, good debuggability, and low cost. Exhaustively verifying a modern CPU core could take 15,000 years with software simulation, or 30 years with advanced hardware emulation—timeframes utterly impractical for development. Despite being essential, verification is often seen as unglamorous "dirty work," receiving less academic attention than fields like AI. Shi and his team are tackling this by developing an agile verification research framework called ENCORE, based on FPGA technology, to improve verification efficiency and debug capability. Beyond research, Shi engages in public science communication through long-form video content, aiming to demystify chip technology, AI, and computer science. He argues for the value of pursuing "hard and long-term" endeavors, whether in the meticulous world of chip verification or in creating substantive educational content, believing such sustained effort is likely the right path forward.

marsbitHace 1 hora(s)

How Difficult is Chip Making? A Division Error Costs 475 Million Dollars

marsbitHace 1 hora(s)

Trading

Spot
Futuros
活动图片