THORChain, a major cross-chain trading protocol, has resumed all activities on the network after being down for over a month. The pause follows a $10.7 million exploit on May 15 that forced the protocol to halt trading, swaps, and liquidity provider actions.
In an article on X on Tuesday, the team announced that the network was back online. This includes trading, signing, swap and liquidity provider functions. The rollback comes after a series of upgrades and security checks.
Key recovery steps and vault migration
On Sunday, the protocol said it had confirmed the security of most of its vaults using the KeyVerify protocol. It also removed the remaining old vaults as part of a migration to a new set of vaults. THORChain called this upgrade the “most important step” in its recovery process. He added that verification of each node’s key sharing was completed on Friday.
The exploit is believed to come from a vulnerability in the GG20 threshold signature system. This scheme is used to secure protocol vaults by distributing key control among multiple node operators. According to the protocol, the flaw allowed a malicious node operator to reconstruct a complete private key through what it described as a “progressive leak of key material.”
Emergency fixes and upgrades
An emergency patch was applied on May 20 to protect the remaining vaults. A larger update followed on June 9, which included a fix for the exploited vulnerability. A subsequent update on June 11 brought stability improvements and additional fixes to the KeyVerify protocol.
THORChain is one of the largest cross-chain trading protocols in the crypto space, enabling exchanges between networks like Bitcoin and Ethereum. It attracted the attention of blockchain investigators because hackers used it to move stolen funds between blockchains.
Plans for new integrations
With the recovery largely complete, THORChain has outlined plans for further network integrations. The protocol announced that it will launch native swaps and vaults for the privacy-focused cryptocurrency Zcash (ZEC) in the next two weeks, followed by Monero (XMR). It also plans to add support for the Bittensor (TAO) token around six weeks after the reboot.
The road to full resumption of operations has been long, but the protocol appears to have resolved the main vulnerabilities. Whether users will fully trust the platform again remains an open question.
