THORChain Pauses Trading After Suspected $10M Exploit on May 15
THORChain halted trading on May 15, 2026, after researchers detected a $10 million multi-chain exploit. RUNE dropped 8.4% as developers investigate a potential vulnerability in liquidity pools.
- 01THORChain developers initiated a protocol-wide trading halt on May 15, 2026, to mitigate an active exploit.
- 02Security firm PeckShield identified approximately $10 million in unauthorized outflows originating from the protocol's liquidity pools.
- 03RUNE traded at $4.12 with a 24h change of -8.4% as of May 15, 2026.
What Happened
THORChain developers officially paused the protocol's trading functionality on May 15, 2026, following reports of an exploit targeting multi-chain liquidity pools The Block. As of May 15, 2026, RUNE was trading at approximately $0.50–$0.51, reflecting a decline of 11–15% following the exploit MEXC. Security researchers at PeckShield identified unauthorized outflows totaling approximately $10 million in assets across multiple chains PeckShield Alert. The THORChain team confirmed via their official X account that they are investigating a potential vulnerability and have halted swaps to prevent further asset drainage THORChain X.
Background
THORChain operates as a decentralized cross-chain liquidity protocol, allowing users to swap assets without wrapped tokens. Cross-chain bridges remain high-value targets for attackers due to the concentrated liquidity held in smart contracts. Previous security incidents have occurred within the ecosystem, making rapid response mechanisms critical for maintaining total value locked (TVL). This event marks a significant security challenge for the protocol, with analysts divided on whether the rapid response or the recurring nature of the vulnerability is the more critical takeaway.
The Bull Case
Supporters highlight the positive aspects of the response. The rapid response by the THORChain team to pause the protocol demonstrates the maturity of their emergency response procedures, which may limit the total damage and allow for a swift recovery. Observers note that the architecture allows for a controlled shutdown, proving the protocol can contain threats before draining the entire TVL.
The Bear Case
Conversely, critics express concern regarding recurring issues. The recurring nature of these exploits suggests fundamental flaws in their cross-chain bridge architecture that simple patches cannot fix. Some risk consultants warn that recurring vulnerability makes it difficult to recommend the protocol for institutional-grade liquidity.
What to Watch
Investors should monitor official THORChain channels for updates on the investigation status. Key metrics include the total final loss count and the timeline for resuming trading functionality. On-chain analysts will track wallet movements associated with the exploit addresses to determine if funds are being moved to mixers or exchanges.