Cross-chain liquidity protocol THORChain has reportedly been exploited for $10 million worth of crypto.
That’s according to investigator ZachXBT, who revealed in his Telegram channel that the fund movements suggest the protocol was likely exploited.
As a result, THORChain has paused its trading activity. THORChain’s X account and the account of its founder, John-Paul Thorbjornsen, have yet to comment on the exploit.
ZachXBT listed three theft addresses as part of his findings:
- bc1ql4u94klk265lnfur2ujk9p6uh52f2a8jhf6f37
- 0x82fc0d5150f3548027e971ec04c065f3c93154eb
- 0xd477b69551f49c0519f9b18c55030676138890bd
Read more: THORChain pauses lending, savings but $200M restructure ‘no big deal’
The sleuth initially posted that around $7 million was exploited, but later updated it to $10 million.
While ZachXBT noted that it was a “likely” exploit, various crypto security firms have since confirmed it. Crypto security analysts PeckShieldAlert claimed that the attacker was able to steal $3 million worth of bitcoin and roughly $7 million of crypto assets from BNBChain, Ethereum, and Base.
Another self-proclaimed crypto investigator who goes by the username “tanuki42” claimed that the exploiter’s gas funds were supplied by bridging protocol Wagyu xyz.
It’s unclear exactly what caused the exploit.
THORChain has a love-hate relationship with North Korea
Earlier this week, crypto researcher “meow mfer” claimed that THORSwap hired a suspected North Korean IT worker.
THORChain describes THORSwap as the “leading multi-chain decentralized exchange aggregator and flagship interface for all THORChain features.”
Meow mfer claims the individual “had at least three pull requests MERGED into the official swapkit/SwapKit repository — the core SDK powering ThorSwap’s cross-chain swap infrastructure.”
They note that this individual was building wallet integration code for THORSwap, and that they also built “MEV extraction tools” and possessed concealment software used by North Korea.
Last year, THORSwap offered a bounty after Thorbjornsen’s personal wallet was drained of $1.2 million worth of crypto assets.
ZachXBT attributed the hack to North Korea and noted that “JP is one of the people whose has greatly benefited financially from the laundering of DPRK hacks/exploits.”
Read more: Vultisig founder says DPRK-linked Bybit transactions are ‘legitimate’
Indeed, funds stolen in North Korea are often moved through THORChain and its founders’ affiliated services in transactions that have resulted in significant profits for THORChain.
Protos has reached out to ZachXBT for comment and will update this piece should we hear anything back.
Got a tip? Send us an email securely via Protos Leaks. For more informed news and investigations, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.
The post THORChain exploited for $10M, crypto analyst claims appeared first on Protos.
