THORChain has resumed all network activity — trading, swaps, signing, and liquidity provider actions — more than a month after a $10.7 million exploit forced the cross-chain protocol to halt operations on May 15.
The recovery process was extensive. The team verified the safety of most vaults through its KeyVerify protocol, migrated remaining legacy vaults to a new set, and confirmed every node’s keyshare. THORChain called it the “most significant milestone” in its recovery.
The exploit itself was traced to a vulnerability in the protocol’s GG20 threshold signature scheme, which distributes key control across multiple node operators. A malicious node operator was able to reconstruct a full private key through what THORChain described as “progressive key material leakage.” An emergency patch went out on May 20, followed by a full fix in a June 9 upgrade.
THORChain is one of the largest cross-chain trading protocols, letting users swap assets between networks like Bitcoin and Ethereum. That utility has also made it a target — blockchain investigators have previously flagged it as a route for laundering stolen funds.
The relaunch is a positive sign, but the protocol will be under scrutiny for a while. Trust, once broken, takes longer to rebuild than code.
