THORChain (RUNE)

Lookonchain discovered three major hacks in just four days • On May 15, THORChain was exploited, with stolen funds exceeding $10M. • On May 18, the Verus-Ethereum Bridge was hacked, with ~$11.5M stolen. • Today, Echo Protocol was exploited, the hacker minted 1,000 eBTC ($76.64M) and has already used it to steal 385 ETH ($821K). What is really going on?

JUST IN: THORChain confirms attack vector is unrelated to known GG20 exploits. Version 3.18.1 releasing tomorrow for node operators. New Discord channel opened for community governance on lost funds https://t.co/aeX5fFFcDq

The THORChain attacker did not just show up and steal $9.8M… They spent weeks rehearsing. >Monero for privacy. > Hyperliquid to move funds without flags. > THORChain to bond a node and get inside the protocol's own infrastructure. The last preparatory transaction happened 5 hours before the attack. The wallet that received the stolen funds was loaded just 43 minutes before. They tested the escape route before they committed the crime. This was a choreographed operation with a weeks-long dry run on the same exact rails they'd use to escape. The full thread by @chainalysis breaks every hop down. Worth reading slowly. 👇

50% of the DeFi TVL is gone since October 📉 And this happens because we are tired of these exploits. > Thorchain ( $RUNE ) on May 15 > Echo Protocol today on Monad ( $MON ) The attacker minting 1k eBTC, borrowing WBTC against a portion of it, and funneling around $821.7K in ETH through Tornado Cash. 👉 HACKS DON’T END WITH THE HACK Every exploit creates a second wave. First, the protocol loses funds. Then users start asking: “Where else am I exposed?” That is when withdrawals begin, LPs pull back, yields collapse, and the TVL chart starts falling again. KelpDAO showed this clearly in April. One major hack, then nearly $13B left DeFi in 48 hours. Now we have seen three hacks in four days. You can imagine what the market is thinking. 👉 THE WEAK POINTS ARE BIGGER THAN CODE The uncomfortable part is that DeFi’s risk is not only smart contracts. 40% of major bridge validators reportedly run on the same three cloud providers. So while the front-end looks decentralized, some of the backbone still depends on the same choke points. That is not a small problem. 👉 THIS IS WHY BIG MONEY HESITATES JPMorgan called hacks the main barrier to institutions entering DeDeFi. And honestly, can you blame them? 40+ protocols have already shut down in 2026. DeFi still has the vision. But right now, the market is not asking “where is the yield?” It is waiting for survival

imajin having your name as a crypto regulator that goes for HL and not errant chinese CEXs and Thorchain