Intesa Sanpaolo doubles crypto to $235M; THORChain opens $10M portal

Intesa Sanpaolo more than doubled its crypto holdings to about $235 million as of March 31, 2026, up from roughly $100 million at the end of 2025. The increase was driven largely by larger positions in Bitcoin exchange-traded products and new exposure to staked Ethereum and XRP. Filings place the holdings inside the bank’s trading book.

The bank increased allocations to major Bitcoin ETFs, including additional positions in the ARK 21Shares BTC ETF and BlackRock’s iShares Bitcoin Trust. It initiated a stake in BlackRock’s iShares Staked Ethereum Trust and took a new position in an XRP ETF valued at roughly $26 million. Intesa Sanpaolo also entered the derivatives market for the first time in crypto by purchasing call options linked to a prominent Bitcoin trust.

At the same time, the lender sharply reduced its Solana exposure. Holdings in the Bitwise Solana Staking ETF fell from 266,320 shares to 2,817 shares between reporting periods. The bank has stated that the disclosed crypto positions are held for proprietary trading and has not specified whether any assets are used to hedge products offered to professional clients.

On a separate front, THORChain confirmed an exploit that removed about $10 million in value across multiple chains and launched a recovery portal for affected users. The protocol reported the attack was detected on May 11 at 02:14 UTC when node operators flagged unusual outbound transactions; trading and outbound signing were paused within eight minutes.

Attackers drained 36.75 BTC, roughly $3 million, and about $7 million in tokens across BNB Chain, Ethereum and Base. The incident affected 12,847 wallets across four chains.

The recovery portal provides a self-custodial process for users to revoke malicious token approvals and submit claims for compensation. The portal included a notice that “affected users are now able to check what they will be paid as compensation following the exploit.” THORChain has provisioned a refundable pool equal to the reported losses to support payouts.

Users have 21 days to file claims. The refund window closes on June 4; any unclaimed allocation will move into the protocol’s insurance fund after that date. Investigations into how the attacker obtained access to outbound signing are ongoing.

Intesa Sanpaolo’s filings show the bank is using ETF-based and tokenized products within its trading book, while THORChain’s recovery portal aims to provide a structured path for restitution as the protocol completes its investigation.