THORChain, a decentralized crypto exchange protocol that functions as a meta layer across multiple blockchains, halted trading on Friday after a suspected exploit resulted in the theft of roughly $10 million worth of crypto assets. The project enables cross-chain swaps of native tokens without wrapping them, which THORchain claims to be a more secure method of trading assets between different blockchains. Funds on multiple blockchains are said to be affected in the incident. Notably, the THORChain team has often described the protocol in communications as unstoppable, and one of the most popular wallets used with it carries the name Unstoppable Wallet.
Security researchers first identified suspicious activity involving the compromise of one of THORChain’s Asgard vaults on Friday. The vulnerability appears linked to the protocol’s threshold signature scheme used for managing cross-chain liquidity, which enabled unauthorized outbound transactions from the vault. Losses totaled around $10.7 million initially, with revisions placing the figure closer to $11 million across at least nine chains. Assets stolen included approximately 36.75 bitcoin along with holdings on Ethereum, BNB Chain, Base, Avalanche, Dogecoin, Litecoin, Bitcoin Cash, and XRP Ledger. The protocol’s automated systems detected the abnormal behavior and triggered emergency measures that included halting trading, signing, and global chain operations to contain further damage.
It should be noted that THORChain has claimed end user funds were not affected by this incident.
Charles Guillemet, who is the CTO of crypto hardware wallet manufacturer Ledger, pointed to the changing dynamics of the sort of multi-party computation scheme used by THORChain in an initial assessment of the incident on X, stating, “AI changes the threat model. Compromising a full software node, complex Go stack, exposed P2P, custom signing daemons, a churn protocol that admits new participants on a schedule, has always been difficult and acted as a barrier. With LLM-driven vulnerability discovery and exploit synthesis, the bar to compromise one of N validators is dropping fast.”
as one of the few who understood the cryptography of MPC of DSA, my take is: too complex to make work securely, due to adaptive cryptography attacks, implementation/cryptography bugs, few understand enough to review. plus the shards are all ONLINE in software servers. not good!
— Adam Back (@adam3us) May 15, 2026
Separately, Blockstream CEO and Satoshi candidate Adam Back noted, “Interactive multi-party cryptography is just fragile and complex. And the cryptography needed for MPC ECDSA is novel.”
Despite the frequent references to THORChain as an unstoppable crypto exchange protocol, the validators on the network agreed to shut down trading as the investigation into the incident got underway on Friday. As of this writing on Sunday, trading on THORChain remained paused.
Over the past year or so, a large number of different blockchain networks and DeFi protocols have been exposed as operating rather similar to traditional finance companies when something goes wrong, such as a hack or some other technical issue. Last year there were multiple blockchains that were frozen in time in response to the $120 million exploit of Balancer which worked in a manner similar to the scheme from Office Space. More recently, Ethereum layer-two network Arbitrum has faced criticism for its seizing of $71 million worth of hacked funds, equivalent to about 30,000 ether, into a multisig wallet controlled by the network’s security council following an exploit on KelpDAO. The council used its emergency powers for the off-chain coordinated move rather than an on-chain governance vote. Multiple blockchains and DeFi protocols also became unreachable at one point last year due to downtime at Amazon Web Services.
Stablecoins have been another key area where crypto centralization has been exposed, as Tether recently seized $344 million worth of its USDT stablecoin that had been linked to the Iran regime. It had previously been reported that the regime had been using the stablecoin to support the value of the Iranian rial and for settlement of international trade. The rial had fallen 43% against the dollar over the prior year, and USDT provided a key workaround for sanctions-related payment challenges. Stablecoin issuers are now also rolling out their own stablechains in an effort to further control more of the crypto tech stack, with Circle recently raising $222 million for the development of its own blockchain from multiple Silicon Valley and Wall Street firms.
Exploits of crypto projects more generally hit record levels in April when there was nearly one exploit reported per day. North Korean agents have reportedly been behind the incidents that account for the vast majority of stolen crypto funds this year. The North Korean regime has denied these allegations.
These issues of security and centralization found throughout the crypto industry appear to be impacting the viability of non-Bitcoin crypto networks such as Ethereum, as indicated in a recent JPMorgan analyst report. The analysts noted that ether and altcoins have continued to underperform bitcoin since 2023, despite broader market recoveries.
