THORChain Loses $5M in Latest DeFi Exploit

  • While it was initially reported the protocol had lost around 13,000 ETH in the attack, more detailed assessments have put that number to around 4,000.
  • The THORChain vulnerability is already being patched, and the team behind the project has said that users will be compensated for their losses.
Lose money


THORChain, a decentralized cross-chain exchange, has suffered from an attack that drained around $5 million in Ethereum (ETH) from the protocol, Runebase reported on 16 July.

While initially it was estimated that about 13,000 ETH ($25 million) were lost in the attack, a more detailed assessment of the situation by THORChain revealed that number was significantly lower. The team behind the crypto trading protocol has already stated the protocol has enough funds to cover the losses, but it’s hoping the hacker would return the funds in exchange for a bug bounty. A THORChain Telegram post reads:

“While the treasury has the funds to cover the stolen amount, we request the attacker get in contact with the team to discuss return of funds and a bounty commensurate with the discovery.”

The network was quickly halted after the incident was discovered, with the THORChain team saying that once it is patched the network will be restarted. According to the team, the only users that were affected by the attack were ETH liquidity providers.

During its investigation, THORChain found that the hacker had paid “huge slip fees” while executing his attack, with nodes capturing around $1.4 millions, and ERC-20 liquidity providers another $1.4 millions. The team will now work with security firms to have its contracts audited.

This is not the first time THORChain was the target of an attack, with the protocol losing around $140,000 worth of assets during its Chaosnet deployment last month.

Related Coverage
Unibot to Compensate Users Affected by Exploit
  • Popular Telegram bot Unibot, which is used to snipe trades on Uniswap, became a victim of a token approval exploit earlier today, when it was switching to a new router.
  • After confirming the exploit, Unibot assured users that their keys and wallets were safe, and that the project will compensate all affected users.
October 31, 2023, 3:01 PM


Balancer Exploited After Giving Warning
  • DeFi protocol Balancer confirmed it was exploited almost a week after disclosing a critical vulnerability affecting several of its boosted pools.
  • The platform did its best to mitigate some of the risks but was unable to pause the affected pools, and an estimated $980,000 in DAI were stolen in an attack.
Zunami Protocol’s Stablecoin Pools Exploited, Suffers $2.1M Loss
  • DeFi yield aggregator Zunami Protocol confirmed that a hacker had attacked its “zStables” pools on Curve Finance using a price manipulation exploit.
  • Security firm PeckShield has estimated that over $2.1 million was lost during the attack, while SlowMist said it had informed Zunami of the vulnerability two months ago.