Incident case
THORChain 2021 ETH Router exploit 1
In July 2021, an attacker used a contract positioned in front of THORChain's ETH Router to make Bifrost report deposits that had not actually been received, ultimately draining ETH and contributing to protocol insolvency.
reviewedcurrent
Incident facts
- Incident title
- THORChain 2021 ETH Router exploit 1
- Bridge
- THORChain
- Incident date
- 2021-07-15
- Incident type
- Exploit
- Major incident
- Yes
- Affected chains
- THORChain, Ethereum
- Affected assets
- ETH
- Attack category
- Cross Chain Contract Exploit
- Reported loss
- $8 million official estimate; $5 million secondary estimate
- Recovery
- Unknown
- Reimbursement
- Completed
- Restart
- Reopened
- Current outcome
- Active After Incident
- Resolution
- Final outcome known
- Last reviewed
- 2026-06-14
- Last verified
- 2026-06-14
Timeline events
First THORChain ETH Router exploit disclosed2021-07-15
THORChain halted the network after the first July 2021 ETH Router incident.
Treasury coverage and staged recovery plan announced2021-07-30
The official postmortem assigned liquidity-provider losses to treasury coverage and described a staged recovery and reopening plan.
Evidence records
- Post-Mortem: ETH Router Exploits 1 & 2, and Premature Return to Trading IncidentTHORChain · Tier 1 · 2021-07-30
- THORChain - REKTRekt · Tier 3 · 2021-07-16
Known unknowns
- The exact realized dollar loss depends on valuation timing and whether later operational insolvency effects are included.