Node exploit drained $10.7M, trading halted
On May 15, 2026, a malicious node exploited a flaw in THORChain's threshold-signature scheme to rebuild a vault's signing key and drain about $10.7M from one Asgard vault. The funds were protocol-owned; user swaps and LP positions stayed safe. THORChain halted trading, signing, and churning, slashed the attacker's bond, and patched the flaw in v3.18.1 and v3.19.0. Node operators approved the ADR-028 recovery plan, which absorbs the loss through protocol-owned liquidity without minting RUNE or diluting holders. As of mid-June the network runs a staged restart and trading remains paused. Read more Show less
On May 15, 2026, a malicious node exploited a flaw in THORChain's threshold-signature scheme to rebuild a vault's signing key and drain about $10.7M from one Asgard vault. The funds were protocol-owned; user swaps and LP positions stayed safe.
THORChain halted trading, signing, and churning, slashed the attacker's bond, and patched the flaw in v3.18.1 and v3.19.0. Node operators approved the ADR-028 recovery plan, which absorbs the loss through protocol-owned liquidity without minting RUNE or diluting holders. As of mid-June the network runs a staged restart and trading remains paused.
Stepped down from -12 on resolution · fades to 0 by Dec 2026
Always worked for me the times I've used it, but realize these are on chain transactions so caution is advised regarding privacy.