Timothy Morano
Might 16, 2026 10:18
THORChain confirms $10M hack affecting 12,847 wallets. Restoration portal dwell for claims; treasury-backed refunds out there till June 4.
THORChain, the decentralized cross-chain liquidity protocol, has launched a restoration portal following a confirmed $10 million exploit on Might 11, 2026. The breach impacted 12,847 wallets throughout Bitcoin (BTC), Ethereum (ETH), BNB Chain, and Base. The portal, dwell as of Might 16, permits affected customers to verify their compensation and submit refund claims, supported by a treasury-funded refund pool of equal dimension.
The incident, revealed through a PeckShield autopsy, was traced to a vulnerability in THORChain’s GG20 threshold signature scheme (TSS). This flaw reportedly allowed an attacker to steadily leak delicate vault key information, in the end enabling unauthorized transactions. The attacker drained 36.75 BTC (roughly $3 million) and a further $7 million in tokens throughout different chains. Buying and selling and outbound signing had been paused inside eight minutes of detection, minimizing additional losses.
Refund Portal and Subsequent Steps
Affected customers have till June 4, 2026, to submit their claims by the portal. Any unclaimed funds post-deadline will roll over to the protocol’s insurance coverage fund. THORChain has said that its treasury is working with on-chain analytics agency Outrider Analytics and regulation enforcement companies to pursue the attacker and get better stolen belongings.
Preliminary investigations recommend the attacker could also be linked to a just lately churned node that joined the community shortly earlier than the exploit. On-chain connections between the node’s bonding addresses and wallets receiving stolen funds additional bolster this concept.
Affect on RUNE and the Market
The exploit added downward strain on THORChain’s native token, RUNE, which dropped roughly 11–13% through the incident. This decline displays broader market considerations over recurring safety vulnerabilities in DeFi protocols, particularly as cross-chain bridges and TSS implementations have turn out to be frequent assault vectors. As of Might 16, RUNE traded at $0.4382, down 0.14% over the previous 24 hours, with a market cap of $157 million.
Crypto hacks have surged in 2026, with April alone witnessing $630 million in losses—the worst month since February 2025. Excessive-profile incidents like KelpDAO’s $293 million exploit and Drift Protocol’s $280 million breach have pushed the majority of those losses, underscoring the rising complexity of DeFi assaults. THORChain’s newest incident provides to those industry-wide challenges, notably as attackers more and more exploit operational vulnerabilities over easy sensible contract bugs.
THORChain’s Position in DeFi
Regardless of its safety hurdles, THORChain stays a cornerstone of decentralized finance, enabling native cross-chain swaps with out reliance on wrapped tokens or centralized intermediaries. The protocol has expanded its ecosystem considerably, integrating with over 10 blockchains and supporting native Solana (SOL) swaps as of February 2026. Its SDKs, together with XChainJS and SwapKit, energy integrations with wallets, aggregators, and decentralized exchanges, solidifying its place as crucial DeFi infrastructure.
Nonetheless, this newest exploit highlights the inherent dangers in permissionless cross-chain operations. For merchants and liquidity suppliers, the incident serves as a reminder to observe not simply protocol progress but in addition its skill to implement strong safety measures.
Because the restoration portal stays energetic till June 4, the group shall be watching intently to see how successfully THORChain can compensate customers and rebuild belief.
Picture supply: Shutterstock
