THORChain Halts Trading After ZachXBT Flags Suspected $10M Exploit

Key Insights

THORChain paused trading after ZachXBT flagged a suspected $10M exploit.
The suspected exploit involved Bitcoin, Ethereum, BNB Chain, and Base.
RUNE fell 13% as traders reacted to the emergency halt and exploit alert.

THORChain halted trading after blockchain investigator ZachXBT warned that the decentralized liquidity protocol may have suffered an exploit exceeding $10 million. The suspected incident affected activity across Bitcoin, Ethereum, BNB Chain, and Base, adding fresh pressure to RUNE as DeFi security concerns continue to rise.

ZachXBT: THORChain Exploit Losses May Exceed $10M

Blockchain investigator ZachXBT issued a community alert stating that THORChain was likely exploited across Bitcoin, Ethereum, BSC, and Base, with losses exceeding $10 million. The protocol subsequently paused trading and… pic.twitter.com/sss1DUfwAA
— Wu Blockchain (@WuBlockchain) May 15, 2026

THORChain pauses trading after exploit alert

THORChain paused trading after ZachXBT issued a community alert about a suspected exploit. The blockchain investigator said the protocol appeared to have been exploited across several networks, including Bitcoin, Ethereum, BNB Chain, and Base.

The protocol later executed a global emergency halt across its network. According to a Telegram announcement, trading was paused for about 12 hours and 42 minutes, until block 26191149.

The halt followed unusual transaction activity linked to a suspected exploiter address. Arkham-labeled wallet data showed about $10.8 million in holdings tied to the address. The funds reportedly moved across several smaller transactions within 30 minutes before 10:11 a.m. UTC.

THORChain Halts Trading After ZachXBT Flags Suspected $10M Exploit — Thorchain Exploiter-Tagged Wallet | Source: Arkham Data

THORChain had not issued a full public explanation at the time of the report. However, several blockchain analytics firms, including Cyvers, PeckShield, and Lookonchain, also flagged the suspected exploit.

RUNE price drops after suspected exploit

RUNE fell sharply after the exploit alert. The token dropped 13% in the 24 hours before 10:20 a.m. UTC, trading slightly above $0.50, according to CoinGecko data cited in the report.

The decline added more pressure to an already weak yearly trend. RUNE is now down about 72% over the past year, showing that the latest security concern came during a difficult period for the token.

Security-related halts often trigger quick selling. Typically, traders will limit their exposure until details of the exploit, targeted assets, and what can be done to resolve the issue are known. In this situation, the market was influenced by uncertainty over the potential cross-chain effect.

The emergency halt may help prevent further losses while developers assess the issue. But the level of confidence will be based on the time that THORChain confirms the incident, determines the cause, and shows a recovery plan.

DeFi security concerns keep rising

Notably, the suspected THORChain exploit comes during a tense period for DeFi security. Hackers stole more than $634 million in April, according to DefiLlama data cited in the report. That marked the largest monthly total since February 2025.

February 2025 remains the peak month after hackers carried out the record $1.4 billion Bybit exchange hack. The latest THORChain case now adds another cross-chain protocol to the growing list of targets.

Cross-chain liquidity systems are still appealing to hackers because of their extensive pools and multiple network structure. These problems with tracing and containment can become more complicated if funds are transferred between chains. This puts a spotlight on the need for monitoring tools, emergency controls, and effective governance responses.

The THORChain halt shows how quickly protocols may need to act when suspicious activity appears. Yet repeated incidents across DeFi continue to test user trust.

THORChain’s laundering history returns to focus

Meanwhile, THORChain is a non-custodial liquidity protocol, not a crypto mixer. Even so, malicious actors have often used it to move stolen funds between assets and networks.

Earlier in April, the attacker behind the $293 million Kelp DAO exploit reportedly laundered 75,700 ETH through THORChain. That activity generated about $910,000 in revenue for the protocol.

THORChain also appeared in the aftermath of the Bybit hack. According to Bybit CEO Ben Zhou, attackers laundered about $1.2 billion of the stolen $1.4 billion through THORChain by swapping Ether into Bitcoin.

The latest suspected exploit, therefore, places THORChain under renewed scrutiny. The protocol’s emergency halt may limit immediate damage, but the incident adds pressure on DeFi platforms to improve risk controls while preserving non-custodial access.

Also Read:

Disclaimer: This article on Cryptowealthnet is only for informational purposes and does not constitute investment advice. Cryptocurrency markets are volatile, and readers should conduct their own research before making financial decisions.

KIPLANGAT RONO HESHBON

KIPLANGAT RONO HESHBON is a Crypto Market Analyst and Blockchain Research Specialist with extensive experience producing data-driven market insights for leading digital asset publications. Skilled in on-chain analysis, derivatives tracking, technical chart interpretation, and tokenomics evaluation. Experienced in delivering structured, analytical reports covering Bitcoin, Ethereum, altcoins, DeFi, and macro-driven crypto movements. LinkedIn: KIPLANGAT RONO HESHBON