Lately, not a month goes by without news of a theft on a cryptocurrency platform. Moreover, these operations are becoming quite fruitful for thieves, who in one fell swoop take away tens of millions of dollars in crypto assets.
This time it was the turn of the crosschain trading protocol THORChain, founded in 2018 and based in Switzerland.
The cybersecurity firm Peckshield and researcher Zachary Wolk (known by the alias ZachXBT) were the ones who raised the alarm.
Last Friday, both reported that more than 36 Bitcoins had been stolen, with an approximate value of 3 million dollars, and a separate Ethereum wallet with around 216 ETH, valued at 7 million dollars in cryptocurrencies.
THORChain has published a statement explaining that they suspended operations after detecting the breach and that initial indications suggest that “user funds are safe and only funds owned by the protocol have been affected.”
They also point out that their network automatically detected anomalous behavior and stopped signing activity, which alerted the community and prevented further outgoing transactions.
Although THORChain claims that the investigation is ongoing, they have been able to confirm that one of their six vaults was compromised, “resulting in a loss of approximately 10.7 million dollars.”
A source of income for North Korea
Unfortunately, this is not the first time cybercriminals have targeted the service. Last year, one of the co-founders of this platform lost cryptocurrencies worth 1.2 million dollars after a suspected North Korean hacker illegally accessed his account.
The theft of crypto assets is a strategy frequently used by APT groups linked to Pyongyang to finance the North Korean regime.
So far in 2026, very large thefts have been perpetrated on these exchanges, such as the one that occurred a month ago when the cryptocurrency infrastructure developer LayerZero suffered a theft valued at 290 million dollars, supposedly linked to the Lazarus operation.
Lately, not a month goes by without news of a theft on a cryptocurrency platform. Moreover, these operations are becoming quite fruitful for thieves, who in one fell swoop take away tens of millions of dollars in crypto assets.
This time it was the turn of the crosschain trading protocol THORChain, founded in 2018 and based in Switzerland.
The cybersecurity firm Peckshield and researcher Zachary Wolk (known by the alias ZachXBT) were the ones who raised the alarm.
Last Friday, both reported that more than 36 Bitcoins had been stolen, with an approximate value of 3 million dollars, and a separate Ethereum wallet with around 216 ETH, valued at 7 million dollars in cryptocurrencies.
THORChain has published a statement explaining that they suspended operations after detecting the breach and that initial indications suggest that “user funds are safe and only funds owned by the protocol have been affected.”
They also point out that their network automatically detected anomalous behavior and stopped signing activity, which alerted the community and prevented further outgoing transactions.
Although THORChain claims that the investigation is ongoing, they have been able to confirm that one of their six vaults was compromised, “resulting in a loss of approximately 10.7 million dollars.”
A source of income for North Korea
Unfortunately, this is not the first time cybercriminals have targeted the service. Last year, one of the co-founders of this platform lost cryptocurrencies worth 1.2 million dollars after a suspected North Korean hacker illegally accessed his account.
The theft of crypto assets is a strategy frequently used by APT groups linked to Pyongyang to finance the North Korean regime.
So far in 2026, very large thefts have been perpetrated on these exchanges, such as the one that occurred a month ago when the cryptocurrency infrastructure developer LayerZero suffered a theft valued at 290 million dollars, supposedly linked to the Lazarus operation.