THORChain Exploit: How a GG20 Flaw Cost Vaults $10.7 Million

THORChain experienced a $10.7 million exploit due to a GG20 vulnerability, allowing a malicious node to reconstruct a private key for one of its vaults.
THORChain has suffered another severe blow, losing $10.7 million from its vaults due to a critical vulnerability in the GG20 threshold signature scheme. A malicious node operator exploited the flaw to reconstruct a full private key, gaining unauthorized access to the network's funds. This is a direct hit to the protocol's core security model, which relies on decentralized node operators to secure cross-chain assets.

The attack vector targeted the multi-party computation (MPC) protocol that THORChain uses to manage its vaults. By running a rogue validator node, the attacker manipulated the key-generation process. Instead of the private key remaining split into shares held by multiple independent parties, the GG20 vulnerability allowed this single malicious actor to piece together the full key. Once the key was reconstructed, draining the vault was trivial. It was a clean execution of a cryptographic failure, not a simple smart contract bug.

This exploit reignites fears over bridge security, which remains the primary vulnerability in decentralized finance. The native RUNE token slipped 6.5% within hours of the disclosure as liquidity providers rushed to assess their exposure. Traders immediately pulled liquidity from active pools, fearing further contagion. The incident highlights the systemic risk of relying on complex, third-party cryptographic libraries without continuous, rigorous auditing.

Developers have paused the network to prevent further draining of funds and are working on an emergency patch to replace the compromised GG20 implementation. The core team stated that they plan to migrate to a more robust threshold signature scheme, possibly GG21 or a custom FROST-based alternative.

Traders should watch the official THORChain developer channels for the announcement of the network restart and the deployment of the new cryptographic patch. The key level to monitor for RUNE is the $5.20 support, which has historically acted as a floor during previous protocol halts. Any delay in the migration or further vulnerability disclosures will likely trigger another wave of liquidations.