THORChain Suffers Second Multi-Million Dollar Attack in a Week

Share Article
In Brief
  • White-hat hacker demands 10% in $8 million DeFi attack.

  • THORChain advised to slow down in Chaosnet deployment.

  • RUNE price tanks again dropping more than 80% from ATH.

  • promo

    BIT Launchpad: Up To 3,500 FREE BIT. Don’t Miss The Beat. Join Now!

The Trust Project is an international consortium of news organizations building standards of transparency.

Cross-chain decentralized exchange (DEX) THORChain has been attacked for the third time this year and the second time within a week.



THORChain posted the alert on its Twitter feed on July 23, just a week after it was exploited for $5 million in a flash loan attack.

The protocol stated that this time the figure lost was around $8 million and that the attack was carried out by a benevolent white-hat hacker that has requested a 10% bounty.



“THORChain has suffered a sophisticated attack on the ETH Router, around $8m. The hacker deliberately limited their impact, seemingly a whitehat.”

White-Hat mercy

THORChain confirmed that the attacker will be awarded the bounty requested if they reach out, and they should be encouraged to do so.

“It is a tough time for the community and project, and the pain is real. The treasury has the funds to cover, but it’s time to slow down.”

It stated that systems will be halted until the code can be fully audited. In a screenshot posted from THORChain’s Discord channel, the hacker claims to have purposely limited damages in a bid to teach the protocol a lesson. It stated: “Do not rush code that controls 9 figures,” and “Disable until audits are complete.”

The hacker also claimed that they could have taken Ethereum, Bitcoin, Binance Coin, Lycancoin, and other BEP-20 tokens if they had wanted to, adding that “multiple critical issues” were found. A 10% bug bounty would have prevented it, they added.

THORChain stated that the project is too important not to deliver on, adding:

“The complexity of the state machine is currently its archille’s heel, but this can be solved with more eyes on, as well as a re-think in developer procedures and peer-review.”

Protocol advocate and ShapeShift CEO Erik Voorhees remained pragmatic:

“Thorchain has had a horrible month, not going to sugar coat it. Bleh. The project needs to slow down. Time to take the tortoise strategy. Regardless, I remain a committed supporter, and am glad these issues are being discovered during chaosnet.”

On July 16, BeInCrypto reported that the DEX protocol was exploited using another router vulnerability in which it lost around $5 million. THORChain was also targeted by hackers in a June attack, costing it around $140,000.

RUNE price tanks again

THORChain’s native token, RUNE, dumped 27% from an intraday high of $4.80 to bottom out at $3.50 a few hours ago according to CoinGecko. The much-hyped token has now lost 38% over the past fortnight in the wake of the two incursions.

At the time of press, RUNE was trading at $3.84, down 81.5% from its May 19 all-time high of $20.87. According to DeFiLlama, THORChain’s total value locked was $101 million. It has lost 30% of its collateral since it peaked on July 7.


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

Martin has been covering the latest developments on cyber security and infotech for two decades. He has previous trading experience and has been actively covering the blockchain and crypto industry since 2017.

Follow Author

Market signals, studies and analysis! Join our Telegram Today!


Bit2Me ICO JUST STARTED! Buy B2M token now.

Buy now!

BIT Launchpad: Up To 3,500 FREE BIT. Don't Miss The Beat.

Join Now!