THORChain Hit by $10.7 Million Theft Due to Unapplied Patch
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
On May 15, 2026, THORChain suffered a significant security breach, resulting in the theft of $10.7 million from its Asgard vault. This incident marks the third major hack in five years, with previous breaches totaling $200 million in liabilities and connections to North Korean laundering activities. The attack exploited a known vulnerability (CVE-2023-33241) for which a patch had been available but not deployed for nine days. The automated solvency checker paused the network for over 12 hours, but funds were already drained across multiple chains, including Bitcoin and Ethereum. The total losses were later confirmed to exceed $11 million across at least nine chains. The incident raises questions about the accountability of THORChain's maintenance practices and the ongoing risk of cyber threats. Market value for RUNE dropped by 15% in response to the breach, leading to a rapid evaporation of $27 million in market cap. The attack highlights systemic issues within THORChain's security protocols and governance.
Key Points: • THORChain lost $10.7 million due to an unapplied patch for a known vulnerability. • This breach is the third major incident in five years, totaling $200 million in liabilities. • The attack involved multiple chains, with a significant impact on THORChain's market value.