Decentralized cross-chain liquidity protocol THORChain was exploited for approximately $10.8 million on Friday, with the attack affecting deployments on four different blockchains.
In response, the protocol has halted all trading and signing activities, according to on-chain researcher ZachXBT on Telegram.
The attacker’s wallets, identified in Bitcoin, Ethereum and BSC, currently contain 3,443 ETH worth $7.77 million, 36.85 BTC worth $2.97 million and 96.6 BNB worth $66,000, according to Arkham Intelligence.
Thorchain’s Mimir governance module has converted the trading halt and signing freeze parameters to active, with a node pause of approximately 12 hours and 42 minutes from block 26190429.
RUNE, the protocol’s native token, fell 12% on the news.
Thorchain operates as a decentralized cross-chain liquidity network, allowing users to natively exchange assets across different blockchains without having to wrap or bridge a centralized intermediary.
Crypto exploits have remained a persistent feature of the industry. In April alone, the decentralized perpetual exchange Drift Protocol and the liquid-restaking protocol KelpDAO were together responsible for more than $600 million in losses.
Cross-chain bridges and liquidity protocols have historically been the most exploited category in DeFi, with more than $2.8 billion in cumulative bridge-related theft since 2021 according to Chainalysis.
The protocol has not yet published a post-mortem identifying the specific attack vector.