THORChain Exploit Breakdown

A $10 million exploit targeting a single Asgard vault on the THORChain network occurred due to a vulnerability in the GG20 Threshold Signature Scheme (TSS) code. An attacker extracted private key shares, enabling unauthorized transactions before the network’s automated solvency detection system halted operations. The development team is currently evaluating whether to patch the existing GG20 implementation or migrate to the more secure DKLS cryptography, which is widely used by institutional platforms. Potential recovery strategies include slashing the malicious node, utilizing Protocol Owned Liquidity (POL), or inflating the RUNE token to cover losses. Despite the incident, the protocol remains operational as neutral, permissionless infrastructure, with the community prioritizing a transparent, consensus-driven approach to address the insolvency and reinforce long-term security through improved node accountability and potential migration to more robust cryptographic standards.

Outlines

Part 1: Breach, Response

Part 2: Cryptography, Technical Analysis

Part 3: Recovery, Architecture

Part 4: AI, Ethos, Roadmap

Sign in to continue reading, translating and more.

Continue

THORChain Community

Part 1: Breach, Response

Initial Breach Details and the $10 Million Exploit

Identifying the Malicious Node and Assessing Fund Safety

Automated Solvency Detection and the MakePause Security Mechanism

Part 2: Cryptography, Technical Analysis

Technical Breakdown of the GG20 MPC Vulnerability

Evaluating the Migration from GG20 to DKLS Cryptography

Part 3: Recovery, Architecture

Socializing Losses and Strategies for Protocol Recovery

Historical Resilience and the Evolution of THORChain Security

Architectural Trade-offs Between MonoVault and MultiVault Systems

Part 4: AI, Ethos, Roadmap

The Impact of AI on Open Source Protocol Security

Maintaining Permissionless Neutrality in the Face of Exploits

Roadmap for Resuming Network Operations and Future Patches

THORChain Exploit Breakdown

THORChain Community

Part 1: Breach, Response

00:02Initial Breach Details and the $10 Million Exploit

Initial Breach Details and the $10 Million Exploit

06:44Identifying the Malicious Node and Assessing Fund Safety

Identifying the Malicious Node and Assessing Fund Safety

12:15Automated Solvency Detection and the MakePause Security Mechanism

Automated Solvency Detection and the MakePause Security Mechanism

Part 2: Cryptography, Technical Analysis

24:04Technical Breakdown of the GG20 MPC Vulnerability

Technical Breakdown of the GG20 MPC Vulnerability

33:00Evaluating the Migration from GG20 to DKLS Cryptography

Evaluating the Migration from GG20 to DKLS Cryptography

Part 3: Recovery, Architecture

41:38Socializing Losses and Strategies for Protocol Recovery

Socializing Losses and Strategies for Protocol Recovery

51:12Historical Resilience and the Evolution of THORChain Security

Historical Resilience and the Evolution of THORChain Security

1:02:13Architectural Trade-offs Between MonoVault and MultiVault Systems

Architectural Trade-offs Between MonoVault and MultiVault Systems

Part 4: AI, Ethos, Roadmap

1:12:15The Impact of AI on Open Source Protocol Security

The Impact of AI on Open Source Protocol Security

1:22:21Maintaining Permissionless Neutrality in the Face of Exploits

Maintaining Permissionless Neutrality in the Face of Exploits

1:31:51Roadmap for Resuming Network Operations and Future Patches

Roadmap for Resuming Network Operations and Future Patches