THORChain Hack Exposes Major Security Flaw as $10M Recovery Plan Launches

• THORChain paused trading quickly after attackers drained millions across four blockchains.
• Investigators linked leaked vault keys and suspicious nodes to exploit operations.
• Rising crypto hacks increase pressure on THORChain recovery and security improvements.

THORChain has confirmed that attackers exploited weaknesses tied to its vault infrastructure, draining nearly $10 million across multiple blockchain networks. The protocol has now launched a recovery portal allowing affected users to revoke malicious approvals and submit compensation claims backed by a treasury-funded recovery pool.

According to THORChain Foundation, the exploit affected 12,847 wallets across Bitcoin, Ethereum, BNB Chain, and Base. Attackers stole approximately 36.75 BTC alongside millions of dollars in additional crypto assets. Node operators detected suspicious outbound transactions at approximately 02:14 UTC on May 11. Consequently, THORChain paused trading activity and outbound signing within eight minutes to limit additional losses.

Moreover, the protocol immediately introduced a compensation process through its recovery portal. Users can now check estimated refund allocations before submitting claims directly through the platform. THORChain confirmed that affected users have until June 4 to complete the process. Additionally, any unclaimed funds will later transfer into the protocol’s insurance reserve.

Also Read: Malta Gives Citizens Free ChatGPT Plus Access Through National AI Push

THORChain Investigates Vault Key Exposure

THORChain stated that investigators currently believe attackers exploited vulnerabilities tied to the GG20 threshold signature scheme implementation. According to the protocol, the flaw gradually exposed sensitive vault key material over time. Investigators explained that attackers likely accumulated enough leaked information to reconstruct private vault keys successfully. Consequently, the attackers gained authorization to execute outbound transactions without triggering standard protections.

Additionally, THORChain revealed that a newly churned node joined the network several days before the exploit occurred. Blockchain investigators later linked the node’s bonding addresses to wallets receiving stolen assets during the attack. Besides internal investigations, THORChain confirmed that it continues working with Outrider Analytics and law enforcement agencies. The protocol hopes those efforts could help identify attackers and recover part of the stolen funds.

Meanwhile, the exploit arrived during a period of rising crypto-related security incidents. Industry reports showed that hacks reached approximately $629.7 million in April alone. Significantly, KelpDAO and Drift Protocol represented most of those losses following separate exploits exceeding $570 million combined. Reports also showed that attackers increasingly target operational weaknesses instead of basic smart contract flaws.

However, THORChain attempted to reassure users by funding a compensation pool matching the estimated exploit losses. The protocol also stated that users can revoke malicious approvals without surrendering custody of their wallets.

Conclusion

In conclusion, THORChain now faces growing pressure to restore confidence after the exploit exposed major security concerns within its infrastructure. The recovery plan could play a critical role in rebuilding trust across the protocol’s community.

Also Read: Elon Musk Revisits Dogecoin Support as Meme Coin Narrative Returns

The post THORChain Hack Exposes Major Security Flaw as $10M Recovery Plan Launches appeared first on 36Crypto.