THORChain Lost $10M in Crypto Assets: PeckShield

4 mins mins

Blockchain security firm PeckShield has reported that THORChain, the cross-chain decentralized exchange protocol, lost approximately $10 million in crypto assets following exploit activity. The figure remains only partially verified, and key details about the loss composition and remediation timeline are still unresolved.

PeckShield Attributes $10 Million Loss to THORChain Exploits

The reported loss of about $10 million is attributed to PeckShield, a blockchain security and data analytics company that tracks exploit activity across DeFi protocols. The figure represents an approximate total rather than a confirmed final tally.

Multiple reporting outlets covered exploit incidents affecting THORChain. CoinDesk reported that the protocol lost roughly 4,000 ETH in one attack, while Decrypt separately covered a follow-up incident involving approximately $8 million in losses.

The pattern of repeated exploits within a short window contributed to the cumulative loss figure cited by PeckShield. However, independent on-chain verification of the full $10 million total is not available in current reporting.

Available Reporting on What Happened

According to available reporting, THORChain experienced multiple exploit events that targeted the protocol’s cross-chain liquidity infrastructure. The CoinDesk report focused on an attack that drained approximately 4,000 ETH from the protocol.

THORChain’s team acknowledged the incidents through official communications on X (formerly Twitter). The protocol paused network activity in response to the exploits, a standard emergency measure for DeFi protocols facing active threats.

A separate recap published by Runebase detailed the exploit sequence and its impact on the THORChain ecosystem. The exact technical vector used in the attacks has not been fully disclosed in the sources available for this report.

Why This Matters for THORChain Users and DeFi Liquidity

THORChain operates as cross-chain swap infrastructure, allowing users to trade native assets across blockchains without wrapped tokens. A loss of this scale directly affects liquidity providers who deposit assets into the protocol’s pools.

For liquidity providers, exploit-driven losses can mean permanent impairment of deposited capital. Unlike centralized exchange hacks where insurance funds sometimes cover losses, DeFi protocol exploits often socialize losses across the pool or rely on treasury reserves for reimbursement.

The incident also raises broader questions about cross-chain protocol security, a concern relevant to DeFi infrastructure more generally. Cross-chain bridges and swap protocols have been among the most frequently exploited categories in decentralized finance, as the complexity of multi-chain interactions creates larger attack surfaces. This pattern of vulnerability in DeFi security infrastructure has implications beyond any single protocol, touching on how exchanges and platforms manage risk during maintenance or security events.

Market data for THORChain’s native RUNE token was not available in the research inputs for this report, so price-impact analysis cannot be responsibly included.

What Remains Unverified

Several critical details about the reported $10 million loss remain unconfirmed. The exact breakdown of lost assets across individual exploit events has not been independently verified through on-chain data in the available sources.

Open questions include the precise exploit methodology used in each attack, whether all affected users and liquidity providers received reimbursement, and what specific protocol changes were implemented to prevent recurrence.

A comprehensive on-chain accounting or official post-mortem that reconciles the total loss figure with verifiable transaction data would materially strengthen the reporting. Until such documentation is publicly available, the $10 million figure should be understood as PeckShield’s attributed estimate rather than a confirmed final number.

The transparency challenges highlighted by this incident mirror broader issues in DeFi incident reporting, where firms tracking digital asset exposure across multiple sectors often face incomplete data when assessing losses in real time.

FAQ: THORChain Loss Claim and User Exposure

Who reported the $10 million THORChain loss?

PeckShield, a blockchain security and data analytics firm, attributed approximately $10 million in crypto asset losses to THORChain. The figure is an estimate based on exploit tracking, not a confirmed audit result.

Is the $10 million figure independently confirmed?

No. While multiple outlets reported on individual THORChain exploits, a single verified on-chain accounting that totals exactly $10 million has not been published in available sources. The figure should be treated as an attributed claim.

What should THORChain users and liquidity providers monitor?

Users should watch for official post-mortem reports from the THORChain team, any reimbursement announcements for affected liquidity providers, and protocol upgrade disclosures that address the exploited vulnerabilities. Monitoring prediction and risk assessment platforms, similar to how prediction markets track outcomes in real time, can also help users stay informed about protocol risk.

Why does this matter for DeFi more broadly?

THORChain operates critical cross-chain swap infrastructure. Repeated exploits against a protocol of this significance highlight ongoing security challenges in multi-chain DeFi architecture, particularly around bridge and swap contract design.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.