THORChain sets 11-step restart plan after $10.7M hack

THORChain has moved into the next phase of its recovery from the May 15 vault exploit. 

Validators are now reviewing version 3.19.0, which combines security patches with the ADR-028 loss-recovery plan.

The release also introduces a mechanism that can quarantine a compromised vault. THORChain said this would stop an affected vault from processing transactions while keeping its activity visible to the network.

Validators review THORChain v3.19.0

“The next major step in the recovery process is now underway,” THORChain said in its sixth incident update. Validators must vote to approve v3.19.0 before the network can begin the staged upgrade.

The release contains patches for the threshold signature system used to control THORChain vaults. It also implements ADR-028, the governance plan approved after the exploit. The protocol said the upgrade would move the network closer to restoring normal operations.

Version 3.19.0 includes a new Compromised Vault Mimir setting. Once enabled, the setting will isolate the drained vault from transaction processing without removing it from network monitoring.

Keyshare checks come before signing resumes

THORChain plans to validate the ADR-028 data migration after validators complete the upgrade. Every node must then verify the integrity of its keyshares through a temporary protocol called keyverify.

Keyshares allow validators to sign vault transactions together without one operator holding the full private key. The added check aims to confirm that the remaining shares are intact before signing restarts.

After those checks, validators will unhalt signing and start a churn. Churning replaces the active validator set and transfers assets into newly generated vaults. The network will wait for that process to finish before restoring other services.

Secured and Trade assets will return first. Liquidity-provider actions will follow, while trading will resume at the end of the 11-step process. Each stage depends on the previous checks completing successfully.

ADR-028 covers losses without new RUNE

As previously reported by crypto.news, THORChain validators approved ADR-028 in May. The plan uses protocol-owned liquidity to absorb losses before allocating any remaining shortfall across synthetic asset holders.

The framework does not mint or sell new RUNE. It also avoids direct dilution for existing holders. Future system income will help rebuild protocol-owned liquidity after the restart.

THORChain also activated a bounty window for the attacker and approved the full slashing of the linked node. The protocol said innocent nodes that shared the affected vault would remain protected.

Full restart still depends on validators

The May 15 exploit drained about $10.7 million from one of THORChain’s five vaults. THORChain’s report said a newly added node exploited a weakness in the GG20 threshold signature implementation. Four other vaults remained unaffected.

Automatic solvency checks detected the imbalance and halted signing within minutes. Node operators later paused trading, chain observation and churning while developers investigated the attack.

Validator approval of v3.19.0 would begin the final technical sequence, but it would not restore every service at once. THORChain will reopen signing, asset functions, liquidity actions and trading in stages after completing the vault, migration, keyshare and churn checks.