Early estimates suggest that more than $10 million may have been stolen, although the exploit has not yet been officially confirmed. The incident only adds to a series of previous operational and security issues surrounding the protocol. THORChain Hit by Suspected Exploit Cross-chain liquidity protocol THORChain temporarily paused trading activity after blockchain investigators raised concerns over a suspected exploit that may have impacted multiple blockchain networks, including Bitcoin, Ethereum, BNB Smart Chain, and Base. The incident was first pointed out by well-known on-chain security researchers ZachXBT and PeckShield , who identified suspicious wallet activity tied to alleged theft addresses operating on Bitcoin and EVM-compatible chains. Early estimates suggest that the exploit may have resulted in losses of more than $10 million, although investigators made it clear that the attack had not yet been fully confirmed at the time of reporting. The latest disruption only adds to a growing list of operational and security-related challenges that have surrounded THORChain over the past two years. The protocol is designed to facilitate decentralized cross-chain swaps without intermediaries, but it has come under scrutiny because of its role in facilitating large asset transfers between different blockchain ecosystems. While this functionality has made THORChain one of the more well known decentralized cross-chain liquidity networks in the crypto sector, it also attracted attention from security analysts and regulators concerned about the movement of illicit funds. The suspected exploit follows a particularly difficult period for the protocol. In January of 2025, THORChain halted its ThorFi lending operations after insolvency concerns surfaced in the community. Validators later implemented a 90-day restructuring plan to stabilise the platform’s operations and restore confidence among users. During that process, the protocol addressed a reported $200 million debt crisis by converting defaulted liabilities into a newly created equity-style token structure. THORChain also repeatedly appeared in investigations involving hacked or stolen crypto funds moving across chains. One of the bigger incidents occurred in September 2025 when THORSwap announced a bounty after approximately $1.2 million was stolen from the personal wallet of THORChain founder John-Paul Thorbjornsen. ZachXBT later linked the activity to suspected North Korean hacking groups. More recently, the protocol was again thrust into the spotlight after the Kelp DAO hack, where stolen ETH was reportedly bridged into Bitcoin through THORChain. The incident contributed to a major spike in the network’s daily transaction volume, which reportedly climbed to approximately $394 million in a single day.