THORChain Loses $10.7 M After Vault Compromise, Trading Halted
What Happened — On Friday, blockchain‑security firm Peckshield and crypto investigator ZachXBT reported that a THORChain vault was breached, resulting in the theft of roughly 36 BTC (≈ $3 M) and an additional $7 M in other coins, for a total loss of about $10.7 M. THORChain confirmed the incident, halted all trading, and began an investigation.
Why It Matters for TPRM —
- A single‑point failure in a third‑party crypto protocol can cause multi‑million‑dollar losses and service disruption for downstream customers.
- The breach highlights the importance of continuous security monitoring and incident‑response clauses in vendor contracts.
- Rapid detection and automatic transaction halts mitigated further loss, underscoring the value of built‑in safeguards.
Who Is Affected — Financial services & cryptocurrency platforms that rely on THORChain for cross‑chain liquidity, as well as their end‑users.
Recommended Actions — Review THORChain’s security controls (vault architecture, key management, monitoring), validate contractual obligations for breach notification, and consider diversifying liquidity across multiple protocols to reduce concentration risk.
Technical Notes — The attack appears to have exploited a vulnerability in the vault‑signing process, allowing unauthorized outbound transactions. No specific CVE was disclosed. The stolen assets were protocol‑owned funds; user funds remain reportedly safe. Source: The Record