THORChain Rocked by $10M Exploit as Network Pauses Operations

- Network paused after $10 million exploit tied to threshold signature vulnerability - Chainalysis links attack to single actor using pre-funded wallets and privacy tools On May 16, 2024, CoinDesk reported that THORChain halted its network after suffering a $10 million exploit tied to a vulnerability in its GG20 threshold signature scheme. According to CoinDesk, blockchain analytics firm Chainalysis found that the attacker used pre-funded wallets and conducted complex transactions across multiple blockchains. This activity prompted THORChain to pause network operations immediately and open an investigation. Project representatives emphasized that the exploit did not affect user funds, and they clarified that there will be no refunds, airdrops, or compensation. Therefore, they warned users to avoid scam recovery offers that appeared following the incident. Chainalysis identified the perpetrator as a single operator who drained assets, including 36.75 BTC and more than 3,100 ETH, by employing blockchain bridges and privacy-oriented tools such as Monero, and the attacker had strategically prepared wallets ahead of the event. CoinDesk reported that THORChain’s team responded publicly on X (formerly Twitter) and reiterated that no legitimate recovery or refund programs are in place. They added that node governance would determine any decisions about restitution and urged users to disregard unofficial offers that surfaced after the exploit. As a result of the incident, RUNE, THORChain’s native token, experienced significant volatility.