THORChain Hit by Reported Exploit Affecting Multiple Blockchains
- Lyla Velez
- May 15, 2026
THORChain suffered two back-to-back exploits targeting its ETH Router, resulting in approximately $8 million in losses and raising questions about cross-chain vulnerability in decentralized exchange infrastructure.
Confirmed damage was limited to Ethereum assets
THORChain’s official post-mortem confirmed that the protocol experienced two sequential exploits on its ETH Router. The first attack drained roughly 4,200 ETH, while the second siphoned economically significant ERC-20 tokens including over 1.67 million USDC.
The protocol stated explicitly that no other chains or assets were affected by the realized exploit. THORChain committed to covering all liquidity provider losses through its treasury, later outlining a roughly $16 million insolvency recovery plan.
Why reports of multi-chain exposure alarmed the market
Despite the confirmed losses being confined to Ethereum, the attacker left a memo suggesting that BTC, BNB, and BEP-20 assets could also have been taken if the exploit had continued. According to unconfirmed reports, this indicated potential wider exposure across THORChain’s cross-chain architecture, though no realized losses on those networks have been documented.
The distinction matters. THORChain’s Bifrost component connects multiple blockchains through a single protocol layer. A vulnerability in how the ETH Router interacted with Bifrost raised concerns that similar attack paths could exist on other chain integrations, even if they were not exploited in this instance.
RUNE fell 16.8% in 24 hours and 43% over 30 days following the exploit news. The sell-off reflected broader unease about protocol security rather than just the immediate dollar losses.
The incident followed a pattern of DeFi security events that have tested user confidence across protocols. Similar concerns about cross-chain risk surfaced earlier, when Aave paused rsETH across multiple networks, highlighting how multi-chain architectures create interconnected risk surfaces.
For liquidity providers, the cross-chain dimension of THORChain’s design means a single smart contract flaw can theoretically cascade. This dynamic differs from single-chain protocols where exploit exposure is naturally contained, much like how large institutional investments in crypto platforms carry concentrated counterparty risk.
Recovery steps and what to monitor
THORChain halted affected functionality immediately after the exploits were identified. The protocol pursued code audits and fixes before resuming operations, with treasury-backed remediation for affected LPs forming the core of its recovery plan.
The incident underscores why protocol-level insurance mechanisms and rapid halt capabilities matter for cross-chain infrastructure. As prediction markets and other DeFi verticals expand across chains, the security lessons from THORChain’s ETH Router exploits remain directly relevant.
Chain-specific impact assessments may still evolve as independent security firms complete their reviews. The crypto Fear & Greed Index currently reads 43, reflecting a broader climate of caution that security incidents like this one reinforce.