Thorchain Halts Trading After $10 Million Cross-Chain Exploit, RUNE Token Drops 12%
The cross-chain liquidity protocol Thorchain suspended all trading and signing on Friday after an attacker drained roughly $10.8 million across Bitcoin, Ethereum, BSC, and Base. The exploit marks another high-profile security breach in the decentralized finance (DeFi) space, reigniting concerns about the safety of cross-chain bridges.
Attack Details
According to blockchain security analysts, wallets linked to the attacker currently hold approximately 3,443 ETH, 36.85 BTC, and 96.6 BNB. The exploit involved the manipulation of Thorchain’s cross-chain messaging system, which coordinates swaps between different blockchains. The attacker was able to trick the protocol into releasing funds without proper collateral, a classic "fake token" or "logical flaw" attack vector that has plagued many bridges.
Thorchain has not yet released a post-mortem explaining the exact attack vector. However, initial investigations suggest that the exploit targeted the protocol’s handling of external tokens, allowing the attacker to withdraw native assets on multiple chains simultaneously. The four chains affected—Bitcoin, Ethereum, BSC, and Base—represent the core exchange pairs Thorchain supports, meaning the attacker drained liquidity pools across the board.
Immediate Market Reaction
Following the news, Thorchain’s native token, RUNE, fell approximately 12%. Trading volumes surged as panic selling hit the market. RUNE is currently trading at around $1.42, down from $1.61 before the exploit was disclosed. The broader cryptocurrency market also experienced mild pressure, with Bitcoin dipping briefly below $77,000 as investors grew cautious.
Thorchain’s halted operations include all trading, swapping, and network signing. The protocol’s treasury and remaining liquidity are frozen until a fix can be implemented and nodes agree to resume operations. This is not the first time Thorchain has faced security issues; the protocol has been exploited multiple times in the past, including a $5 million hack in 2021 and a $8 million attack in 2022.
Background on Thorchain
Thorchain is a decentralized cross-chain liquidity protocol that allows users to swap native assets across blockchains without wrapping tokens. It is one of the few protocols that supports native Bitcoin, Ethereum, and Binance Coin swaps directly, making it a critical piece of DeFi infrastructure. The protocol relies on a network of nodes that manage vaults and sign transactions via threshold signatures. RUNE is used as a settlement asset and to incentivize node operators.
Despite its innovative design, Thorchain has been a frequent target for hackers. The protocol’s complexity—combining multiple blockchains with different security models—creates a large attack surface. Previous exploits have included bugs in the vault withdrawal logic and failures in the Bifrost cross-chain bridge module. Each time, the team has patched the vulnerability and resumed operations, but trust among liquidity providers has eroded.
Cross-Chain Bridge Security Crisis
The Thorchain exploit adds to a growing list of cross-chain bridge incidents that have collectively resulted in losses of over $2.8 billion since 2021. Notable examples include the $540 million Ronin Bridge hack, the $320 million Wormhole exploit, and the $200 million Nomad bridge collapse. Most attacks exploit implementation errors rather than fundamental blockchain flaws, often involving social engineering or smart contract bugs.
Bridges are considered the most vulnerable part of the crypto ecosystem because they hold large amounts of locked liquidity and are coded in niche languages. Thorchain, for example, uses a custom Tendermint-based consensus and Cosmos SDK, which, while robust, has had historical issues with state verification. Security firms like Trail of Bits and OpenZeppelin have repeatedly called for more rigorous auditing and formal verification of bridge code.
RUNE Tokenomics and Long-Term Impact
RUNE’s price decline reflects investor anxiety about the protocol’s ability to recover. RUNE is used to pay fees and as a reserve asset in liquidity pools. If the exploited funds are not recovered, the protocol may need to mint additional RUNE or pass on losses to liquidity providers, potentially causing a bank run. Thorchain has a built-in "insurance fund" derived from network fees, but it may not be large enough to cover a $10 million shortfall.
The team has not disclosed whether they plan to compensate affected users. In previous incidents, Thorchain deployed emergency patches and resumed operations without compensating LPs fully, leading to community backlash. The current exploit could accelerate the migration of liquidity to competing protocols like Chainflip or Cosmos IBC, which offer similar cross-chain functionality but with different security guarantees.
Regulatory Implications
While the exploit is a technical failure, it also draws attention to regulatory gaps. Cross-chain bridges operate in a gray area, often lacking legal clarity in most jurisdictions. The U.S. Treasury Department has warned that bridges can be used for money laundering and sanctions evasion, and the SEC has signaled that some DeFi protocols may violate securities laws. Thorchain’s repeated hacks could invite closer scrutiny from regulators like the CFTC, which has already taken enforcement actions against other DeFi platforms.
Technical Workarounds and Future Prevention
In response to the exploit, several developers have proposed temporary solutions: increasing the number of signers per vault, implementing slower withdrawal times, and adding off-chain risk monitoring. However, these measures reduce the protocol’s efficiency and undermine its value proposition of fast, seamless swaps.
Long-term, the industry may need to adopt cryptographic methods like zero-knowledge proofs or cross-chain state verification to eliminate trust assumptions entirely. Thorchain’s model of decentralized nodes managing vaults is already a step forward, but it still relies on the security of each connected blockchain. A bug in just one chain’s client can expose the entire system, as seen in the BSC exploit earlier this year.
The Thorchain community is now waiting for the team’s post-mortem and recovery plan. While the exploit is a setback, it could also serve as a learning opportunity for the entire DeFi ecosystem to harden cross-chain infrastructure. Until then, RUNE remains under pressure, and traders are advised to exercise caution.
Source: Coindesk News