Reading Time: 3 minutesKey Takeaways:
Over $10.8 million was stolen across Bitcoin, Ethereum, BSC, and Base.
Hackers used an address poisoning trick during a routine vault migration process.
The network activated an emergency halt to stop all trading and prevent further damage.
Security experts are currently tracking the stolen funds as the protocol team prepares a fix.
Thorchain has officially paused all network activities today after suffering a massive $10.8 million multichain exploit that drained Bitcoin, Ethereum, and other major assets during a routine system update.
INTEL: Thorchain appears to have suffered multi-chain exploit across Bitcoin, Ethereum, BSC and Base with losses exceeding $7.4M pic.twitter.com/y3BXOXZi3M
— Solid Intel 📡 (@solidintel_x) May 15, 2026
A Sudden Attack Across Multiple Networks
The Thorchain network is facing a major security crisis today, following a multi chain exploit. The attacker managed to steal over $10.8 million in various digital assets. This includes approximately 37 Bitcoin, valued at nearly $3 million, along with 216 Ethereum and large amounts of BNB and USDC. The attack was particularly damaging because it hit several blockchains at the same time, including Bitcoin, Ethereum, BSC, and Base. In response to the breach, network nodes quickly voted to activate an emergency halt to stop all trading and fund movements.
Thorchain appears to have suffered multi-chain exploit
Read Next: Google Detects First Ever AI Generated Zero Day Attack in the WildÂ
The Vault Churn and Address Poisoning Trick
The hacker targeted a specific part of the protocol’s operation known as vault churning, which is a routine process for moving funds to new secure locations. During this migration, the attacker used a method called address poisoning to trick the system into approving large transfers to fraudulent addresses. By sending fake data that looked like official requests, the hacker convinced the protocol to send millions of dollars to their own wallets instead of the correct vaults. The problem may be linked to the network’s signing system, which allowed the unauThorized transfers to be approved by the protocol’s nodes.
Read Next: Arbitrum Freezes $71 Million in Stolen ETH After KelpDAO ExploitÂ
Technical Root Cause and the Failed Patch
A new analysis has identified the exact cause of the exploit as a proposer forgery bug in the network’s messaging system. This flaw allowed an attacker to flip a real deposit record into a fake payout because the validator signatures did not properly cover the inbound/outbound status of a transaction. Surprisingly, a fix for this exact vulnerability was written as a code commit on May 6, nine days before the attack, but a failure in the company’s automatic update pipeline prevented the patch from being sent to validators in time. As the funds began to drain across Ethereum, BSC, and Bitcoin, the protocol’s auto-SOLVENCYHALT feature successfully triggered, leading to a total global pause of all trading and activities through the Mimir security tool to prevent further losses.
Current Status and Recovery Efforts
ZachXBT are currently monitoring the attacker’s wallets
Right now, all operations on the Thorchain network are completely paused while the developers search for a permanent fix. Blockchain security experts like ZachXBT are currently monitoring the attacker’s wallets, where the stolen funds are sitting dormant for the moment. While Thorchain is often used as a bridge to move funds from other exploits, this time the protocol was the victim of a direct attack. The team hasn’t released a full report on how they will recover the lost money or when the network will be safe to use again, but they are working closely with security firms to track the assets.