What Triggered THORChain’s Trading Suspension?
THORChain paused trading after blockchain security researchers ZachXBT and PeckShield flagged a suspected exploit affecting assets across Bitcoin, Ethereum, BNB Smart Chain, and Base. The researchers identified alleged theft addresses on both the Bitcoin network and EVM-compatible chains, estimating losses at more than $10 million. Both ZachXBT and PeckShield described the exploit as likely but not yet fully confirmed at the time of reporting. The announcement triggered an immediate market reaction. THORChain’s native token, RUNE, fell as much as 11% following the reports, trading near $0.52 according to CoinGecko data. The incident adds to a growing history of operational and security disruptions surrounding the cross-chain liquidity protocol.Why Does THORChain Continue to Face Security Pressure?
THORChain operates as a cross-chain liquidity network designed to move assets between blockchains without relying on wrapped tokens or centralized intermediaries. That structure increases technical complexity and expands the potential attack surface compared with single-chain protocols. The protocol has repeatedly appeared in investigations tied to exploit-related fund movement. In several cases, stolen assets were routed through THORChain to swap between chains, particularly from Ethereum into Bitcoin. One recent example involved funds connected to the Kelp DAO exploit, where assets were bridged through THORChain, pushing daily protocol volume to roughly $394 million. The latest incident follows earlier operational stress. In January 2025, THORChain suspended ThorFi lending operations amid insolvency allegations and later implemented a 90-day validator-led restructuring process.Investor Takeaway
Cross-chain protocols face elevated security risk because they interact with multiple networks and liquidity systems simultaneously. Complexity remains one of the largest unresolved vulnerabilities in decentralized infrastructure.
How Did THORChain Handle Previous Crises?
Following the ThorFi disruption, THORChain addressed a reported $200 million debt crisis by converting defaulted obligations into a new equity-style token structure. The move prevented immediate collapse but raised questions about the long-term sustainability of the protocol’s financial design. Security incidents have also directly affected figures connected to the ecosystem. In September 2025, THORSwap announced a bounty after an exploit targeting THORChain founder John-Paul Thorbjornsen’s personal wallet resulted in losses of roughly $1.2 million. ZachXBT later linked the activity to North Korean hackers. The repeated appearance of the protocol in exploit investigations has increasingly tied THORChain’s public profile to laundering concerns and post-hack fund movement rather than purely decentralized liquidity infrastructure.Investor Takeaway
Repeated restructuring events and exploit-related activity can weaken institutional confidence in decentralized protocols. Security reputation increasingly influences liquidity, trading activity, and long-term adoption.
