Rune tanks 11% after attackers move $10M in THORChain exploit

THORChain, one of the leading decentralized cross-chain DEXs, is the latest victim of a major hack across several blockchain platforms. As per the security warnings issued on May 15, 2026, THORChain suffered losses of about $10 million in cryptocurrencies. 

The attack targeted the BTC, ETH, BNB Chain, and Base blockchains, with the stolen crypto coins swiftly transferred into certain wallets. So far, the THORChain team has not issued an official comment.

Hackers targeting crypto grow bolder

Approximately $25 million has been lost to hacks in the crypto space since the start of May. Today’s hack targeted THORChain’s cross-chain liquidity services, enabling unauthorized token withdrawals from pools on the Bitcoin, Ethereum, BNB Chain (formerly BSC), and Base blockchains. 

While initial estimates pointed to losses of more than $7.4 million, the latest data from security firm PeckShield puts the total figure closer to $10 million. This looks like a well-planned attack, with asset movement occurring over a short period of about 13–14 hours before the leak. 

According to blockchain explorers, ETH inflows, along with other transactions, were detected as late as 9:06 UTC on May 15, 2026.

The exact distribution of the stolen crypto has been tracked on-chain. For Bitcoin, about 36.85 BTC ($2.97 million) has been transferred to the wallet bc1q14u94klk265lnfur2ujk9p6uh52f2a8jhf6f37. According to Arkham Intelligence’s portfolio-tracking tool, the wallet contains precisely 36.854 BTC, currently worth $2,969,692.

For Ethereum and its derivatives, more than 3,156 ETH, worth $7,112,748 (at an approximate price of $2,253 each), have been received by the address 0xd477b69551f49C0519F9B18c55030676138890Bd. 

These funds account for the lion’s share of about $7 million from Ethereum, BNB Chain, and Base.

The five recent transactions on the Ethereum receiving wallet include several deposits totaling slightly above 13 ETH, as well as one withdrawal of 0.01 ETH. In total, the multichain portfolio that is connected to these wallets is valued at around $7.115 million and closely matches the exploit estimate when combined with the Bitcoin funds. 

THORChain hack triggers 11% RUNE dip, BTC and ETH hold steady

THORChain’s native currency, RUNE, has seen a substantial price decline following the $10 million multi-chain exploit. According to CoinMarketCap data, RUNE is currently valued at $0.5146, down 11.32% over the last 24 hours. 

The total market cap of RUNE is $180.52 million, while its daily trading volume has skyrocketed to $24.49 million, reflecting panic selling by investors holding RUNE tokens. 

On the other hand, the rest of the stolen crypto coins have been performing fairly well despite the turbulence. Bitcoin increased by 2.61% over the past 24 hours to $81,667.13, bringing the value of the 36.85 BTC stolen to around $3.01 million. 

Ethereum remained almost unchanged, rising by only 0.12% to $2,252.88, while the approximately 3,156 ETH stolen remained at $7.11 million.

Investors struggle in the current crime-driven markets

DeFi security attacks have persisted through May 2026, with some protocols experiencing losses arising from vulnerabilities in their smart contracts on May 10 and 11, including Huma Finance and Ink Finance. 

As reported by Cryptopolitan, Huma Finance suffered an exploit of its V1 smart contracts deployed on the Polygon blockchain on May 11, resulting in the theft of approximately $101,400 worth of USDC and USDC.e tokens.

The attack exploited the BaseCreditPool deployment by leveraging a logic vulnerability in the refreshAccount() function to skip EA approval processes, allowing arbitrary promotions of credit accounts to the “GoodStanding” position.

Meanwhile, Ink Finance became a victim of yet another theft totaling around $140,000 from its Workspace Treasury Proxy contract deployed on Polygon. As reported by Cryptopolitan, the attacker deployed a contract whose address was listed on the whitelist, thereby bypassing eligibility checks for authorized withdrawals from the treasury. Ink Finance has not issued a comment regarding the exploit yet.

If you're reading this, you’re already ahead. Stay there with our newsletter.