THORChain confirmed a $10 million exploit and deployed a recovery portal to help affected users across four blockchain networks. The portal enables users to revoke malicious token approvals and claim refunds from the compromised protocol.
The exploit leveraged unauthorized token approvals, a common attack vector in decentralized finance. Attackers gained the ability to transfer user assets without explicit transaction signatures. THORChain's response centered on giving users tools to immediately revoke these approvals and recover their funds.
The recovery portal operates across four chains simultaneously, addressing the cross-chain nature of the attack. Users can connect their wallets to the portal, identify affected token approvals, and execute revocation transactions. This approach limits additional damage by cutting off the attacker's access to user accounts.
The $10 million figure represents the total value extracted during the exploit window. The exact attack vector remains under investigation, but THORChain's engineering team identified the vulnerability quickly enough to contain further losses. The protocol maintained liquidity pools and continued normal operations while addressing the security breach.
THORChain's recovery mechanism differs from traditional refund processes. Rather than the protocol itself issuing compensation, affected users regain control of their assets by revoking malicious approvals and accessing recovery funds. This approach places responsibility on users to verify their account status through the portal.
The incident highlights ongoing risks in cross-chain protocols and token approval mechanisms. Attackers consistently target approval-based vulnerabilities because they grant sustained access to user funds without repeated authorization. THORChain joins a growing list of protocols that experienced significant exploits in recent years.
Token approvals remain a persistent attack surface. Users often grant unlimited spending permissions to dApps or liquidity pools, creating opportunities for exploitation if smart contracts contain bugs or get compromised. Security audits catch many issues, but sophisticated exploits occasionally slip through.
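The revoke step described for the portal, and the unlimited-approval risk above, shown as an added example that is not THORChain's portal code: it replays `Approval` event logs for one wallet, drops grants already reset to zero, and builds `approve(spender, 0)` calldata for flagged or unlimited allowances. It assumes ERC-20 style allowances on an EVM chain (the page does not name the token standard); all addresses, logs and the "unlimited" threshold are constructed for illustration.

```python
# Added example: audit a wallet's token approvals and prepare revocations.
# Assumption: ERC-20 style Approval(owner, spender, value) logs on an EVM chain.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"   # approve(address,uint256)
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255        # assumption: at or above this counts as unlimited

def addr_of(topic):
    """Last 20 bytes of a 32-byte indexed topic, as a lowercase address."""
    return "0x" + topic[-40:].lower()

def live_allowances(logs, owner):
    """Replay Approval logs in chain order; return {(token, spender): amount} still > 0."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-20 Approval has 3 topics; ERC-721 reuses the signature with 4.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if addr_of(topics[1]) != owner.lower():
            continue
        state[(log["address"].lower(), addr_of(topics[2]))] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0), which resets the allowance to zero."""
    return "0x" + APPROVE_SELECTOR + spender.lower()[2:].rjust(64, "0") + "0" * 64

def revocation_plan(logs, owner, flagged_spenders):
    """One revoke call (sent to the token contract) per risky live allowance."""
    flagged = {s.lower() for s in flagged_spenders}
    plan = []
    for (token, spender), amount in sorted(live_allowances(logs, owner).items()):
        reason = ("flagged spender" if spender in flagged else
                  "unlimited allowance" if amount >= UNLIMITED_FLOOR else None)
        if reason:
            plan.append({"token": token, "spender": spender, "reason": reason,
                         "data": revoke_calldata(spender)})
    return plan

# Constructed sample data (placeholder addresses, not real contracts).
OWNER, TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "11" * 20, "0x" + "22" * 20
BAD, ROUTER, POOL = "0x" + "bb" * 20, "0x" + "cc" * 20, "0x" + "dd" * 20
def make_log(block, idx, token, owner, spender, amount):
    return {"blockNumber": block, "logIndex": idx, "address": token, "topics":
            [APPROVAL_TOPIC] + ["0x" + a[2:].rjust(64, "0") for a in (owner, spender)],
            "data": "0x" + format(amount, "064x")}
SAMPLE_LOGS = [make_log(*a) for a in [
    (102, 1, TOKEN_A, OWNER, ROUTER, 0), (100, 0, TOKEN_A, OWNER, BAD, 500),
    (101, 2, TOKEN_A, OWNER, ROUTER, MAX_UINT256), (103, 0, TOKEN_B, OWNER, POOL, MAX_UINT256),
    (104, 0, TOKEN_B, BAD, POOL, MAX_UINT256)]]
```

In the sample, the router's unlimited grant is not listed because a later log already set it to zero, while the small grant to the flagged spender is.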
THORChain's
