Echo Protocol Joins THORChain, Verus as May Hack Count Reaches 14

This article is for informational purposes only. Always verify information independently before making any decisions.

According to Ambcrypto and Coinstats.app, May 2026 has brought $44 million in DeFi protocol losses across 14 separate hacks. Echo Protocol is the latest to fall. In just a two-week span, Echo joined THORChain and Verus as high-profile victims. This shows attackers display growing coordination and greater technical skill. THORChain’s breach alone cost the protocol $10.1 million.

According to CoinStats, with $44 million confirmed stolen, the total 14 hacks so far in May 2026 already surpass last year’s full-month tally. This month is now the costliest May yet for DeFi exploits. The three largest incidents—THORChain, Echo Protocol, and Verus—make up nearly half the month’s losses. This highlights weak risk controls between protocols. THORChain’s breach makes up just over 22 percent of what was stolen, making it the most severe incident so far.

Latest News

According to AMBCrypto, on May 2, anomaly detection systems spotted suspicious activity on THORChain. This exposed the ongoing exploit. Pools were halted early May 3, but $10.1 million had already been drained using advanced smart contract attacks. Echo Protocol’s breach, confirmed May 9, used a cross-chain bridge bug and caused $3.2 million in rapid losses—all in less than one hour. According to CoinStats, May 12 saw Verus exploited at the validator level, breaking liquidity and causing a token price crash.

Another bridge hack another $292 million gone.

An attacker forged a cross-chain message on Kelp DAO's LayerZero bridge minted 116500 rsETH out of thin air and used them as collateral to drain real ETH from lending protocols. The emergency multisig paused everything 46 minutes… https://t.co/yle8wXhyBD

— THORChain (@THORChain) April 19, 2026

Explore Our Tools

• Security Audit Trackers:Secureshift.io maintains a dashboard showing recent multi-chain attacks and protocol risk scores across DeFi. Considerable breaches prompt immediate changes in user trust and liquidity.
• Incident Reporting Feeds:Cryptometer.io provides real-time alerts on new attacks. It flags validator and bridge-level incidents so users can act swiftly. Protocol response speed shapes user confidence.
• DeFi Risk Score Indexes:coinstats.app ranks protocols using exploit frequency and capital flows. Many breaches in May forced a major reshuffle, downgrading many protocols.
• On-Chain Analytics:According to AMBCrypto, up-to-date total value locked (TVL) charts now show steep declines after each major exploit in May.

Unhashed Newsletter

Per coinstats.app, the “Unhashed” newsletter saw a 27 percent jump in signups during May.

+27% — “Unhashed” Newsletter Signups in May (CoinStats)

How THORChain lost over $10.1 million through a protocol exploit.

According to AMBCrypto, the THORChain hack happened between May 2 and May 3, 2026. Attackers used well-planned transactions in several steps to trick the protocol’s accounting for Bitcoin, Ethereum, and Binance Smart Chain. Internal auditors report that $10.1 million was stolen through a flaw in the protocol’s smart contracts.

Total Value Locked (TVL)—the total amount of capital secured by a protocol—fell from $643 million to $573 million in sixteen hours.

A postmortem cited in “THORChain Exploit Drains Millions Across Bitcoin, Ethereum” states that a patch in late April failed to prevent multi-bot attacks on reconciliation thresholds.

ZachXBT: THORChain Exploit Losses May Exceed $10M

Blockchain investigator ZachXBT issued a community alert stating that THORChain was likely exploited across Bitcoin, Ethereum, BSC, and Base, with losses exceeding $10 million. The protocol subsequently paused trading and… pic.twitter.com/sss1DUfwAA

— Wu Blockchain (@WuBlockchain) May 15, 2026

According to coinstats.app, THORChain developers paused all pools at 01:23 UTC and began a full forensic investigation, bringing in outside auditors.

Understanding THORChain’s exploit

Independent security experts, as reviewed by AMBCrypto, are focusing on multi-party computation (MPC) wallet systems as a common cause of vulnerabilities.

According to coinstats.app, Echo Protocol and Verus suffered major exploits within ten days of the THORChain breach. Each lost over $3 million and was attacked through bridge or validator code.

$22M — Lost in Cross-Chain / Multi-Sig Exploits (May 2026)

Echo Protocol and Verus: Anatomy of Recent Breaches

As reported in “THORChain Exploit Drains Millions Across Bitcoin, Ethereum,” the May 9 Echo Protocol attack targeted bridge smart contracts. About $3.2 million was lost in less than one hour. Logs from secureshift.io show attackers tricked relay nodes by faking time-locked approvals. This let them spend coins twice across connected blockchains. Echo paused all swaps and asset minting for 36 hours. This move stopped withdrawals and affected over 45,000 wallets. TVL crashed from $87 million to $41.5 million in one day, a 52 percent drop.

CoinStats confirms that Verus Labs reported a severe exploit on May 12. It targeted validator reward contracts and stole $3.8 million from the protocol’s treasury.

Data from coinstats.app and “THORChain Exploit Drains Millions Across Bitcoin, Ethereum” shows that over $22 million in the top five May exploits are from cross-chain or multi-signature protocol weaknesses.

Lessons for DeFi Users and Protocol Designers

• Real-time Monitoring:According to secureshift.io, protocol teams cut theft detection times from days to hours by using live on-chain threat dashboards. This quick response is now vital as attack windows shrink.
• Smart Contract Overhauls:Per coinstats.app, seven of fourteen hacked protocols changed core contracts or added new security tools by May 17. Rapid upgrades are now common after a breach.
• Insurance Pools:According to AMBCrypto, user deposits in protocol-run insurance vaults jumped 340 percent in May, reaching $24.7 million. More users want fallback protection after so many attacks.
• User Withdrawal Patterns:cryptometer.io logs show that emergency withdrawals now average thousands of wallets per hack, up from hundreds in April. Fast withdrawals have become the typical user reaction to breaking news of an exploit.
• Protocol Valuation Drops:secureshift.io reports that protocols hit by essential hacks lose, on average, 42 percent of their TVL. More than half do not recover their user numbers within four weeks after the hack. Trust now links closely with how quickly teams respond to attacks.

Glossary of Main DeFi Terms

• DeFi:Decentralized Finance. Financial services built on blockchain networks without traditional banks.
• TVL (Total Value Locked):The total amount of user funds secured in a DeFi protocol’s smart contracts.
• MPC Wallet (Multi-Party Computation Wallet):A digital wallet where private keys are divided among several entities (called validators) to enhance security and decentralization.
• Validator:A node or participant that helps verify transactions and maintain the blockchain. In DeFi, validators can also approve transactions or changes.
• Bridge:A protocol that allows tokens or data to move between different blockchains.
• Liquidity Pool:A collection of funds locked in a smart contract, used for trading or lending.
• Smart Contract:Self-executing code on the blockchain that enforces rules automatically.

Comparing THORChain, Echo Protocol, and Verus Breaches

TVL and token price data show considerable user withdrawal spikes within three hours of a hack announcement. These cascades cause pool imbalances, with losses (slippage) sometimes over 9 percent.

What Comes Next for Protocol Security?

According to AMBCrypto, the spike in DeFi attacks is pushing protocol teams to review how they handle code, keys, bridges, and validator groups. Protocols are now layering their defenses. This means ongoing contract reviews, real-time incident monitoring, and automatic withdrawal limits in risky situations.