What happened to Thorchain (CRYPTO:RUNE) after the vault exploit?

Thorchain suffered an estimated $10 million to $11 million exploit after attackers manipulated its vault churn process. The breach affected vault activity across Bitcoin, Ethereum, BNB Smart Chain, and Base. Node operators responded by activating an emergency halt on affected network functions.

Why did Thorchain halt swaps and vault activity?

Thorchain halted swaps, vault churning, and signing activity to stop further damage while investigators reviewed the exploit. The emergency halt was triggered through the protocol’s Mimir governance settings. RUNE transfers on the native chain continued in a limited capacity.

How much crypto was stolen from Thorchain?

The stolen assets included about 3,443 ETH worth around $7.77 million, 36.85 BTC worth about $2.97 million, and 96.6 BNB worth roughly $66,000. Early reports also mentioned 798,000 USDC and other tokens. Total estimated losses later rose to around $10 million to $11 million.

How did the Thorchain exploit affect RUNE (CRYPTO:RUNE)?

RUNE fell between 12% and 15% within hours of the first public alert. The token dropped from around $0.58 to roughly $0.50 across major exchanges. That move shows traders quickly priced in security risk and uncertainty around the protocol’s recovery.

What is a Thorchain vault churn attack?

A vault churn is a normal Thorchain process where node operators rotate and assets move between vaults. Attackers reportedly poisoned that process by inserting malicious addresses. That tricked the system into approving transfers that should not have been authorised.

Thorchain pauses network after $11m vault exploit hits

Written by Isaac FrancisPublished May. 15 2026Last Updated May. 15 2026

Thorchain has suffered an estimated $10 million to $11 million exploit after attackers manipulated its vault churn process across several major blockchains.

The incident took place on Friday and affected vaults connected to Bitcoin, Ethereum, BNB Smart Chain, and Base.

Onchain investigator ZachXBT first raised the alarm through his Telegram channel, with early estimates placing losses above $7.4 million.

Later assessments lifted the estimated damage as investigators tracked more stolen assets linked to the compromised vault activity.

The attack targeted Thorchain’s vault churn process, which normally helps rotate node operators and redistribute assets during routine network operations.

Attackers reportedly inserted malicious addresses into the process and caused the protocol to approve transfers that should not have gone through.

The stolen assets included about 3,443 ETH worth around $7.77 million and 36.85 BTC valued at roughly $2.97 million.

The exploit also involved around 96.6 BNB worth about $66,000 and other tokens, including early reports of 798,000 USDC.

Security teams publicly flagged three theft addresses across Bitcoin and Ethereum to help track the stolen funds.

Thorchain node operators reacted by activating the protocol’s decentralised global emergency halt through its Mimir governance settings.

The halt stopped swaps, vault churning, and signing activity on the affected chains from around block 26190429.

RUNE transfers on Thorchain’s native chain continued in a limited form while the wider response remained active.

RUNE, the protocol’s native token, dropped between 12% and 15% within hours of the first public alert.

The token fell from about $0.58 to nearly $0.50 across major exchanges as traders reacted to the exploit.

Liquidity providers and users now face a waiting period while investigators and security firms monitor the flagged wallets.

PeckShield and Cyvers are among the firms watching the addresses connected to the incident.

At the time of reporting, Thorchain’s official X account had not issued a public statement about the exploit.

The protocol had also not released a formal post-mortem explaining the full cause, impact, or recovery plan.

The stolen funds appeared largely unmoved from the identified addresses while the investigation continued.

Thorchain has faced major security incidents before, including July 2021 attacks on its ETH router that drained millions of dollars.

The team later covered those earlier losses through its treasury and paused the protocol to apply fixes.

The latest exploit appears different in method but again places attention on Thorchain’s vault migration and asset-handling process.

Thorchain’s design avoids a single admin key, uses more than 90 decentralised nodes, and does not rely on wrapped assets.

That structure reduces some centralised risks, but the latest attack shows that its churn mechanism may still carry serious exposure.

The protocol also attracted scrutiny in 2025 and early 2026 after funds linked to major hacks moved through its system.

Those flows generated fees for Thorchain, but they also drew criticism from compliance analysts and blockchain security researchers.

Investigations remain active, and users have been advised to avoid interacting with the protocol until operations resume and confirmed details emerge.

Further updates are expected through Thorchain’s documentation pages, its official X account, and the Midgard API once the situation becomes clearer.

At the time of reporting, Bitcoin price was $80,492.45.