On May 15, 2026, THORChain, a decentralized cross-chain liquidity protocol, was exploited for about $10.8 million (TRM Labs put the figure at over $11 million across at least nine chains). The incident was first flagged by investigator ZachXBT and confirmed by PeckShield. THORChain contributors said current evidence pointed to a newly churned, likely single malicious node; the leading theory was a vulnerability in the GG20 threshold-signature scheme that secures its Asgard vaults, allowing unauthorized withdrawals across Bitcoin, Ethereum, BNB Chain, Base, and other supported networks. The protocol executed a global emergency halt of trading and signing while its blockchain kept running, and the RUNE token fell about 11% to 15%. THORChain has suffered repeated incidents since 2021 and has also served as a primary laundering rail for major hacks, including Bybit and KelpDAO, having declined to block illicit flows on anti-censorship grounds. The exploit reinforced the systemic risk of multi-party signature schemes and node-set security in cross-chain liquidity networks, and the value of fast circuit breakers.