THORChain confirmed a $10 million exploit detected on May 11 and launched a recovery portal on May 16 for affected users to revoke malicious token approvals and submit refund claims. According to PeckShield's post-mortem analysis, trading and outbound signing were paused within 8 minutes of the detection at 02:14 UTC. The attacker drained 36.75 BTC (approximately $3 million) and roughly $7 million in tokens across BNB Chain, Ethereum, and Base, affecting 12,847 wallets.
Affected users have until June 4 to submit compensation claims through the recovery portal, which is backed by a treasury-funded pool matching the exploit size. Any unclaimed allocation after the deadline will roll over into the protocol's insurance fund.