THORChain Restarts Trading After $10.7M GG20 Key-Leak Exploit
The protocol says it migrated off legacy vaults, verified node keyshares, and set a ZEC-to-XMR-to-TAO integration timeline.
THORChain restored full network operations more than a month after halting activity on May 15 following a $10.7 million exploit. The restart brings trading, signing, swaps, and liquidity provider actions back online after a vault migration and multiple upgrades the protocol says addressed the exploited weakness.
Key Takeaways
- Full THORChain functionality is back online after a May 15 halt tied to a $10.7 million theft.
- The protocol traced the loss to a GG20 threshold-signature flaw that enabled “progressive key material leakage” and private-key reconstruction by a malicious node operator.
- Remediation included a May 20 emergency patch, a June 9 fix for the exploited vulnerability, and a June 11 upgrade focused on stability and KeyVerify fixes.
- Legacy vaults were retired and replaced, and every node’s keyshare was verified as THORChain lined up ZEC, XMR, and TAO support on a near-term schedule.
THORChain Reopens Trading After the May 15 $10.7M Exploit
THORChain has resumed all network activity after a shutdown triggered by a May 15 exploit that the protocol says resulted in $10.7 million stolen. The restart covers trading, signing, swaps, and liquidity provider actions, restoring the full set of functions that matter for cross-chain routing and LP operations.
In a Tuesday post on X, THORChain framed the restart as the “most significant milestone” in its recovery process. The protocol described the return to service as the endpoint of more than a month of security verifications and upgrades, rather than a simple re-enable of trading.
THORChain sits in the critical path for cross-chain swaps between networks such as Bitcoin and Ethereum. That positioning cuts both ways for traders: it can be a liquidity venue, and it can be a routing dependency when markets are stressed.
Inside the GG20 Failure: “Progressive Key Material Leakage” and Private-Key Reconstruction
THORChain attributed the exploit to a vulnerability in its GG20 threshold signature scheme, the mechanism used to secure protocol vaults by splitting key control across multiple node operators. The protocol’s description matters because it defines the trust boundary that failed.
The stated attack path was “progressive key material leakage,” which THORChain said allowed a malicious node operator to reconstruct a full private key. In practical terms, that is the nightmare scenario for any threshold custody model: the system is designed so no single operator can unilaterally sign, yet the exploit narrative ends with one operator effectively assembling enough material to act as the vault.
For traders modeling custody risk, the key point is not just the dollar amount. It is that the protocol’s own explanation centers on key reconstruction, not a one-off UI issue or an isolated contract bug.
Patches, Vault Migration, and KeyVerify: What Changed Before the Restart
THORChain laid out a remediation sequence that reads like an operations reset. It implemented an emergency patch on May 20 aimed at protecting remaining vaults after the exploit. On June 9, it shipped an upgrade that included a fix for the exploited vulnerability. A follow-up upgrade on June 11 added stability improvements and fixes to the KeyVerify protocol.
On Sunday, THORChain said it confirmed the safety of most of its vaults through KeyVerify and retired the remaining legacy vaults as part of a migration to a new set of vaults. It also said it completed verification of every node’s keyshare on Friday.
Two details remain unquantified in the protocol’s disclosures: the exact scope of “most” vaults confirmed safe, and whether any funds were recovered or losses extended beyond the stated $10.7 million.
Next Integrations on Deck: ZEC First, Then XMR, With TAO in ~Six Weeks
With the network back in full trading mode, THORChain outlined a near-term integration roadmap that creates clean checkpoints for execution. The protocol said it plans to launch native swaps and vaults for Zcash (ZEC) within the next two weeks, followed by Monero (XMR). It also targets support for the Bittensor (TAO) token in about six weeks after the restart.
For market participants, the timeline is as important as the assets. Delivery of ZEC within the stated window will be the first test of whether development velocity holds post-incident, and whether any additional vault or key-verification updates accompany the rollout. The follow-through on XMR, and whether it arrives with added hardening disclosures, will be the next signal. TAO support will likely hinge on testnet-to-mainnet cadence and whether the six-week target slips.
How to Frame THORChain’s Post-Restart Risk for Cross-Chain Routing
I treat this restart as a security-and-operations reset, not a clean bill of health. THORChain is telling the market it did three things before flipping the lights back on: patched and upgraded the code path tied to the exploit, retired and migrated vault infrastructure, and verified node keyshares. That is the right sequence if the failure mode was key material leakage.
The threshold that matters is whether the protocol can ship the ZEC-to-XMR roadmap on schedule without new halts or fresh disclosures that expand the blast radius beyond the stated $10.7 million. If that holds, the setup starts to look structural rather than narrative-driven, because uptime and integration throughput are what keep cross-chain liquidity sticky in practice.
