THORChain confirms $10M exploit, rolls out recovery portal for affected users

THORChain has launched a recovery portal following a $10 million exploit, allowing affected users across four chains to revoke malicious approvals and claim refunds.

THORChain has confirmed a $10 million exploit and launched a recovery portal, giving affected users a self-custodial path to revoke malicious token approvals and submit refund claims backed by a treasury-provisioned refund pool of equal size.

In a Saturday post on X, THORChain Foundation introduced the recovery portal, saying that “affected users are now able to check what they will be paid as compensation following the exploit.”

The portal, citing a PeckShield post-mortem, claims that the attack was detected at 02:14 UTC on May 11, when node operators flagged anomalous outbound transactions. Trading and outbound signing were paused within eight minutes. In total, attackers drained 36.75 BTC, worth around $3 million, and approximately $7 million in tokens across BNB Chain, Ethereum and Base, hitting 12,847 wallets across four chains.

Read more