THORChain (RUNE) Halts Trading After $10M Exploit, Token Drops 13%
Felix Pinkston May 15, 2026 11:57
THORChain paused trading after a $10M multi-chain exploit flagged by ZachXBT. RUNE fell 13% as investigations begin.
Decentralized liquidity protocol THORChain has halted trading following a suspected $10 million exploit flagged by blockchain investigator ZachXBT. The protocol paused all activity for approximately 12 hours after reports surfaced of funds being drained across several blockchains, including Bitcoin, Ethereum, BNB Chain, and Base.
According to data from Arkham Intelligence, wallets linked to the exploiter held approximately $10.8 million in stolen funds, with transactions spreading across multiple blockchains. The breach was reportedly executed in a series of smaller transfers, with activity ceasing by 10:11 AM UTC on May 15, 2026. Security firm PeckShield corroborated the findings, identifying 36.75 BTC and other assets as part of the exploit.
Immediate Fallout: RUNE Token Drops
THORChain’s native token RUNE saw a sharp decline in response to the news, dropping 13% to trade near $0.51 by the end of May 15. CoinGecko data shows the token is now down 72% year-over-year, with the latest exploit adding pressure to its already strained price action. At the time of writing, RUNE’s 24-hour price change stood at -0.08%, reflecting lingering market uncertainty.
The exploit has also reignited concerns about THORChain's security measures. As a non-custodial cross-chain protocol, THORChain allows users to swap assets across different blockchains, making it a frequent target for malicious actors. Notably, in April 2026, the attacker behind the $293 million Kelp DAO exploit routed 75,700 ETH through THORChain, generating approximately $910,000 in fees for the protocol. Similarly, hackers involved in the $1.4 billion Bybit hack in February 2025 used THORChain to launder $1.2 billion worth of stolen funds from ETH to BTC.
Broader DeFi Security Concerns
This incident adds to a troubling trend in decentralized finance (DeFi), where exploits have surged in both frequency and scale. April 2026 alone saw $634 million stolen across various protocols, the highest monthly total since the Bybit hack. The recurring use of THORChain in laundering stolen funds underscores the challenges inherent to cross-chain DeFi platforms, particularly their susceptibility to abuse despite not being classified as mixers like Tornado Cash.
At the time of publication, THORChain had yet to issue a formal statement confirming the exploit but did trigger an emergency network pause to investigate. The protocol’s alerts channel indicated trading and signing would remain disabled until block 26191149, or roughly 12 hours and 42 minutes after the halt.
While the immediate focus remains on recovering stolen funds and addressing security gaps, the incident is likely to amplify calls for stricter safeguards in DeFi protocols. For traders, RUNE’s steep decline highlights the ongoing risks associated with projects facing security challenges, and the token’s future performance will largely hinge on how THORChain handles the fallout.
Image source: Shutterstock.jpg)