THORChain Halted for $500. Not $1.4B. And That’s Good

Litecoin recently underwent a reorg that exposed crosschain protocols to double spends. The damage was relatively minimal as most protocols caught it quickly and Litecoin contributors managed to quickly patch the bug and move forward.

THORChain has been facing heat over "illicit flows" ever since the Bybit Hack last year. The recent Kelp DAO hack also created controversy around THORChain.

Over this past weekend, the Litecoin Reorg led to an automatic insolvency halt for the THORChain protocol. This halt has added fuel to the fire as people are saying "THORChain can halt over a $500 Litecoin hack but not for billions of dollars in illicit flows".

As someone who builds in this space (LeoDex) and spends a lot of time looking at transactions onchain — as well as determining the true decentralization of protocols — I want to explore what happened with Bybit, Kelp DAO, and the recent Litecoin reorg in contrast with THORChain's varying responses to these events.

The question everyone is asking: if THORChain can halt under certain scenarios, why does it halt under some but not others?

A Brief Litecoin Reorg Timeline

There are plenty of other articles covering what happened with Litecoin in detail. Here's a brief timeline with THORChain's response overlayed:

• ~Late March 2026 — Litecoin core developers privately patch an MWEB consensus bug. The fix is committed to GitHub between roughly March 19–26. The patch is not pushed as a mandatory upgrade, leaving unpatched mining pools vulnerable.
• ~38 hours before the attack — The attacker pre-funds a wallet via a Binance withdrawal, with the destination address already configured to swap LTC into ETH on a DEX.
• April 25, 2026 — A coordinated DoS hits major Litecoin mining pools running patched software. Unpatched nodes — now controlling more hashrate — accept invalid MWEB peg-out transactions. A fork begins at block 3,095,930.
• During the ~3-hour fork window — The attacker pushes invalid peg-outs to cross-chain DEXs and attempts double-spends against bridges and swap protocols. NEAR Intents reports ~$600k of exposure.
• April 25, fork resolves at block 3,095,943 — The DoS subsides. Patched nodes regain hashrate majority and execute a 13-block reorg, wiping the invalid chain. The main chain settles clean.
• Same window — THORChain side — A Litecoin transaction THORChain had already credited gets reversed by the reorg. THORChain's Asgard Vault accounting now shows a ~$500 discrepancy between expected balance and actual on-chain LTC.
• Automatically and without human intervention — THORChain's Automatic Solvency Checker detects the divergence. Once >1/3 of nodes report insolvency, Litecoin trading on THORChain auto-halts. No vote, no admin action.
• Litecoin Core v0.21.5.4 released (April 25) — The Litecoin Foundation publishes the patch and urges all node operators to upgrade.
• April 26 — JP Thorbjornsen publicly clarifies that the auto-pause was triggered by code, not by humans. The Litecoin Foundation declares the network stable. GitHub commit history begins to surface, raising questions about the "zero-day" framing.
• Once solvency restored — Per protocol design, when 2/3+ of THORChain nodes confirm balances are reconciled, Litecoin trading auto-resumes. No manual action required.

How THORChain's Automatic Solvency Checker Works

THORChain's protocol has the ability to automatically halt when there is a question of solvency. In this scenario, THORChain's internal accounting via Asgard vaults detected a $500 discrepancy vs. onchain balances.

This led to a code-triggered ASC (Automatic Solvency Checker).

• When 1/3 of nodes detect an insolvency onchain, the chain auto-halts.
• When 2/3 of nodes determine that solvency is restored, the chain auto-resumes.

There is no human in the loop. No multisig. No admin key. The protocol enforces its own integrity — and that's exactly what happened over the weekend.

Crypto: Code Is Law?

Satoshi built Bitcoin on a critical ideal: Code is Law.

In a sufficiently decentralized system, code is the law. Whatever the outcome is onchain, that outcome should happen based on the laws (code) written by that chain.

In systems where humans are still in control, funds can be frozen. Actions can be coordinated. This is not inherently wrong, but it is inherently against Satoshi's ideals.

Ask yourself this critical question: Why do hackers move to BTC?

Go back to the Bybit hack. The Kelp DAO hack. Look at every major DeFi exploit of the past two years.

The hackers move from ETH to BTC. Why do they do that? Why are they moving crypto from other chains to Bitcoin as fast as they possibly can?

The simple answer: Bitcoin's chain is not going to freeze funds or halt over illicit flows. Bitcoin is sufficiently decentralized to the point where miners would have to collectively decide to halt or freeze funds. The damage to the network would be too great to do this — so it never happens.

Compare that to what happened on Arbitrum during the Kelp DAO exploit: the Arbitrum Security Council froze $71M of stolen ETH within hours. Tether froze $9M of Bybit-linked funds. Mantle froze $41M. These chains can freeze funds because they are not sufficiently decentralized to resist that pressure.

The hackers know this. That's why they sprint to Bitcoin.

Is THORChain Sufficiently Decentralized?

The argument for why BTC can "get away with this" but THORChain cannot is going to be: "THORChain has halted in the past… look, they just did it for Litecoin!"

My counterargument is that THORChain nodes are in charge — similar to Bitcoin. It is technically possible to halt Bitcoin or freeze wallets. You just have to get enough of the miners to agree on it. Will that actually happen? Extremely unlikely.

The same goes for THORChain. The code is the law. If the nodes on the THORChain network feel that the code is still functioning correctly, they are unlikely to halt over certain flows. Is that right or wrong? That's a subjective question in many cases, and an objective one in others.

In the case of true decentralization and "code is law" ideals, it is the right approach. If THORChain were to freeze funds or halt a chain, there must be sufficient coordination in a way that is decentralized. If there wasn't, THORChain's model of being a decentralized crosschain swapping protocol would be dead anyway.

It's also worth noting that THORChain's nodes can opt out by churning out — turning themselves off — without disrupting the network. No single node can force a halt. No single node can prevent one. That is what decentralization actually looks like in practice.

What Should Be Done

I completely agree with this X post from Erik Voorhees. Decentralized blockchains operate on a "code is law" architecture. If a small group of human actors can intervene to halt, alter, or freeze funds, then it undermines the entire foundation of what decentralized crypto is meant to be.

I don't believe in bad actors. I don't want to see real people get hurt. I don't even want to see centralized exchanges (businesses) get hurt either. It's immoral and wrong.

That said, it is not the responsibility of decentralized protocols to intervene unless the nodes in that network decide they want that responsibility. Attacking a community and a protocol that is sufficiently decentralized for not taking action is the wrong approach.

This will lead to a slippery slope.

Answer this for me in the comments: if billions of dollars per year are hacked in crypto and then moved to BTC, should the BTC miners coordinate to freeze wallets, funds, and potential bad actors? Why should THORChain act differently?

Trade crypto on 107+ DEXes simultaneously with the industry's best rates -> https://leodex.io