- THORChain lost $10 million in a hack targeting its GG20 TSS implementation.
- A recovery portal is now open for 12,847 affected wallets to claim refunds.
- The refund window is open for 21 days, closing on June 4.
Back
THORChain launches refund portal after $10 million exploit
THORChain has deployed a recovery portal for users affected by a $10 million exploit that occurred on May 11, providing a 21-day window for refund claims from a treasury-backed fund.
The attack was detected at 02:14 UTC after node operators identified a series of anomalous outbound transactions, according to a post-mortem by security firm PeckShield. "Trading and outbound signing were paused within eight minutes," the THORChain Foundation stated, containing the incident after attackers had already drained assets across four separate blockchains.
The exploit resulted in the theft of 36.75 BTC, valued at approximately $3 million, along with nearly $7 million in tokens on the Ethereum, BNB Chain, and Base networks. Data from the recovery portal indicates that 12,847 unique wallets were affected by the breach. The investigation's leading theory points to a vulnerability in the protocol's GG20 threshold signature scheme (TSS), which may have allowed a malicious new validator node to gradually leak and then reconstruct a vault's private key.
Affected users can now connect to the portal to revoke malicious token approvals and check their compensation amount. The claim period will end on June 4, after which any unclaimed funds will be transferred to the protocol’s insurance fund. THORChain is coordinating with Outrider Analytics and law enforcement to trace the stolen funds.
This article is for informational purposes only and does not constitute investment advice.
