THORChain Resumes Trading After $10.7M Exploit
THORChain has resumed activity after more than a month of security verifications and upgrades, following a $10.7 million exploit that prompted a trading halt on May 15. In a Tuesday post on X, THORChain restored its network, including trading, signing, swaps and liquidity provider actions.
On Sunday the protocol confirmed the safety of most vaults through the KeyVerify protocol and retired the remaining legacy vaults as part of a migration to a new set of vaults, calling the upgrade the 'most significant milestone' in its recovery. It also completed verification of every node's keyshare on Friday.
THORChain attributed the exploit to a vulnerability in its GG20 threshold signature scheme, which it said allowed a malicious node operator to reconstruct a full private key via 'progressive key material leakage' and steal $10.7 million. An emergency patch on May 20 protected the remaining vaults, an upgrade on June 9 fixed the exploited vulnerability, and a follow-up update on June 11 added stability improvements and fixes to KeyVerify.
thorchain, exploit, 10.7 million, gg20, threshold signature, keyverify, vaults, migration, node keyshare, emergency patch