crypto·it fr es zh

THORChain launches $10M exploit recovery portal

0h ago|2 min read2Quick Read

Fazen Markets Editorial Desk

Collective editorial team · methodology

THORChaincrypto-exploitcross-chaindefi-securityhack-recovery

Sponsoredby Fazen Capital

Vortex HFT — Free Expert Advisor

Trades XAUUSD 24/5 on autopilot. Verified Myfxbook performance. Free forever.

Myfxbook verified No subscription 24/5 automated

Get Free EA

Risk warning: CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. The majority of retail investor accounts lose money when trading CFDs. Vortex HFT is informational software — not investment advice. Past performance does not guarantee future results.

Key Takeaways

1THORChain is using its treasury to make users whole after a $10 million third-party exploit, setting a precedent for decentralized protocol liability.

Partner

Trade Bitcoin, Ethereum & 600+ Cryptocurrencies on Bybit

600+ Cryptos Up to 200x Leverage

Trade Crypto on Bybit

Cryptocurrency trading involves significant risk. Only trade with funds you can afford to lose.

THORChain announced on 16 May 2026 that it suffered a $10 million exploit involving malicious token approvals. The decentralized cross-chain liquidity network has launched a dedicated recovery portal, allowing affected users across four blockchains to revoke the approvals and claim refunds for lost assets.

How the THORChain exploit happened

The incident stemmed from a vulnerability in a third-party liquidity provider's code. This allowed an attacker to deceive users into granting unlimited token approvals for specific assets. The attacker then drained funds from wallets that had granted these approvals. The exploit targeted users on Ethereum, Avalanche, BNB Chain, and Arbitrum. THORChain's core protocol and network reserves were not compromised in the attack.

What the recovery portal does

The newly launched recovery portal at thorchain.org/recover enables users to connect their wallets and check for malicious approvals. Users can then revoke those approvals directly through the portal's interface to prevent further loss. For users who already lost funds, the portal provides a streamlined claim process to receive a refund in the original token. The recovery is funded by the THORChain treasury and its ecosystem reserve.

Which assets and chains were affected

The exploit impacted a subset of popular ERC-20 tokens, including stablecoins and wrapped assets. THORChain has not published a full list of every affected token, advising all users to check the portal. The four connected chains—Ethereum, Avalanche, BNB Chain, and Arbitrum—represent the primary deployment zones for THORChain's cross-chain routers. The total confirmed loss stands at approximately $10 million across these ecosystems.

The security response and timeline

THORChain's core development team identified the exploit vector and disabled the vulnerable component within hours. The team then coordinated with centralized exchanges to trace and potentially freeze some of the stolen funds. The recovery portal was deployed within 48 hours of the initial incident report. This rapid response contrasts with some historical DeFi hacks where recovery took weeks or never occurred.

Risks for the THORChain ecosystem

The exploit highlights persistent risks in cross-chain bridging and third-party integrations, even for established protocols. While the treasury-backed recovery mitigates user losses, it represents a direct financial drain on the protocol's shared resources. Some critics argue that automatic refunds could create moral hazard, reducing the incentive for users to conduct their own security diligence. The event may temporarily dampen user confidence in novel cross-chain interactions.

How do I check if I'm affected?

Connect your wallet to the official recovery portal at thorchain.org/recover. The site will scan for any malicious approvals granted to the exploit contract address. The process is read-only and does not require signing a transaction for the initial check. If affected, you will see the option to revoke approvals and file a claim.

Will this affect RUNE token price?

The immediate market impact was a 5% decline in the price of RUNE following the news. Long-term price effects will depend on whether the swift recovery rebuilds trust or highlights systemic vulnerabilities. The use of treasury funds for reimbursement does create selling pressure, as some assets may be liquidated to cover claims.

Is my liquidity provider position safe?

Liquidity provided directly to THORChain's native pools was not at risk. The exploit only affected users who interacted with a specific third-party aggregator front-end. Users who only provided liquidity through the official THORChain interface or major integrated wallets like Trust Wallet or XDEFI were not exposed to this particular vulnerability.

Bottom Line

THORChain is using its treasury to make users whole after a $10 million third-party exploit, setting a precedent for decentralized protocol liability.

Disclaimer: This article is for informational purposes only and does not constitute investment advice. CFD trading carries high risk of capital loss.

Trade XAUUSD on autopilot — free Expert Advisor

Vortex HFT is our free MT4/MT5 Expert Advisor. Verified Myfxbook performance. No subscription. No fees. Trades 24/5.

Get Free EA on Telegram

Trade the assets mentioned in this article

Trade on Bybit

Stay informed

Get market analysis delivered to your inbox.

Join 18,500+ investors

Ready to trade the markets?

Open a demo account in 30 seconds. No deposit required.

Demo Account Live Account

CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing your money.

crypto3 min

Bitcoin Falls to $78,000 After $550M Long Liquidation