THORChain exploit claims surfaced after ZachXBT said the cross-chain protocol appeared to lose more than $7.4 million.
THORChain, a cross-chain liquidity protocol used to swap assets between networks, appears to have been exploited for more than $7.4 million, according to an alert shared by on-chain sleuth ZachXBT.
ZachXBT wrote in his Telegram channel on Friday, May 15, that THORChain “appears to have been exploited” across Bitcoin, Ethereum, BNB▼$570.82 Chain and Base. A separate monitoring alert by blockchain security firm Cyvers said in an X post it detected about $7.2 million in suspicious transactions involving the THORChain router.
The stolen assets reportedly included USDT▲$0.9994, USDC▼$0.9993, WBTC, DAI▲$0.9999, THOR, LUSD, XRUNE, GUSD, AAVE▼$61.63, LINK▼$7.21 and FOX. The alert said the funds were swapped into ETH▼$1,551.57 and consolidated at the Ethereum address 0xd477….8890Bd.
Shortly after the news broke, THORChain paused trading, though it hasn’t made a public statement so far.
THORChain Laundering Scrutiny
THORChain is once again under scrutiny after the cross-chain protocol is believed to have been extensively used by North Korean hackers involved in the theft of nearly $1.5 billion in the Bybit hack, which the FBI blamed on TraderTraitors, North Korea-linked entities.
First revealed in 2018 during Binance Dexathon, THORChain is a protocol for cross-chain swaps without a centralized exchange in the middle.
That feature has turned THORChain into a constant channel for hackers’ activities. Apart from the Bybit hack, it was apparently utilized by a hacker behind the KelpDAO hack who laundered close to 34,500 ETH worth almost $80 million into Bitcoin using THORChain along with Umbra to obfuscate their traces.
Read more: Kelp DAO and Aave Resume rsETH Operations
