
THORChain resumes trading after $10.7M exploit
- THORChain restarted trading services after a month-long halt caused by a US$10.7 million vault exploit.
- The network implemented new security checks, vault verification procedures and software upgrades before resuming operations.
- THORChain is now preparing to launch Monero and Zcash swap functionality as part of its recovery roadmap.
THORChain (CRYPTO:RUNE) resumed trading and network operations after more than a month offline following a May 15 exploit that resulted in approximately US$10.7 million being drained from one vault.
The protocol suspended trading, signing and related services after automatic solvency checks detected an imbalance caused by a vulnerability in its GG20 threshold signature scheme.
“Every vault verified, every keyshare checked,” THORChain said in its announcement confirming the restart.
Before restoring services, the network completed a migration to a new vault set, verified validator keyshares and required validators to approve version 3.19.0, which introduced compromised-vault quarantine and additional recovery mechanisms.
THORChain said swaps, signing, churning, secured assets, trade assets and liquidity provider functions have now returned, while RUNE traded at approximately US$0.419, down 0.2% over 24 hours but up 2% over the previous seven days.
The exploit report stated that a malicious node operator reconstructed a private key through progressive key material leakage, allowing the attacker to drain one vault while four other vaults remained unaffected.
The protocol is also preparing to launch native Monero (CRYPTO:XMR) swaps and future Zcash (CRYPTO:ZEC) support, with traders expected to monitor network stability, liquidity recovery and the effectiveness of the new security measures following the restart.
At the time of reporting, THORChain price was $0.4216.