BlackHartBlackHart
Hacks Feed/THORChain

THORChain

May 15, 2026·THORChain·Key Compromise
$10.8M
total loss
StatusConfirmed
View current THORChainscore →

A new validator joined THORChain's network, then quietly participated in routine signing ceremonies for one of the protocol's six vaults. A flaw in the way those ceremonies worked leaked tiny fragments of the vault's private key each time. After 48 hours of collecting fragments, the attacker reconstructed the full key offline and drained roughly $10.8 million across nine different blockchains. The protocol caught it within an hour and halted trading. No user deposits or liquidity-provider positions were affected, only protocol-owned vault assets.

User depositssafe
LP positionssafe
Protocol-owned vaultdrained(1 of 6 Asgard vaults drained)
Network tradingpartially affected(halted for ~13 hours then restored)
What the score saw

Our pre-hack assessment flagged THORChain's multi-party signing protocol as a cryptographic-layer concern. The exact class of flaw was a known issue in similar implementations, and an upgrade had been recommended before this incident.

Exploit anatomy

Arogue validator nodejoined the network on May 13, collected leaked key fragments over 48 hours of signing ceremonies, reconstructed the vault private key offline, and drained funds across nine chains tothe attacker's BTC addressandETH address.

Fund flow
Source
Asgard vault
one of six protocol-owned vaults
Laundering
Monero
pre-staged route
Hyperliquid
pre-staged route
Arbitrum
pre-staged route
Full forensic detail

Step-by-step reconstruction, root cause, counterfactuals, remediation, and disclosure timeline.

Exploit anatomy

1.
Attacker bonds a new validator node (thor16ucjv3v695mq283me7esh0wdhajjalengcn84q) to the THORChain network through the standard churn process.
MsgBond
2.
Over 48 hours (May 13-15), the rogue node joins routine GG20 TSS signing ceremonies for one of six Asgard vaults. A flaw in the protocol leaks partial key material during each signing round.
GG20 TSS signing rounds (keygen/signing ceremonies)
3.
Attacker collects enough key shards offline to reconstruct the vault's full ECDSA private key. This bypasses the threshold requirement that no single party should ever hold complete key material.
Offline key reconstruction from leaked partial shares
4.
Using the reconstructed private key, attacker signs and broadcasts unauthorized outbound transactions from the compromised Asgard vault across nine chains at once. The transactions look legitimate because they carry valid vault signatures.
Direct vault spend (forged signatures)
5.
Funds drained to attacker-controlled addresses: bc1ql4u94klk265lnfur2ujk9p6uh52f2a8jhf6f37 (BTC), 0x82fc0d5150f3548027e971ec04c065f3c93154eb (ETH), 0xd477b69551f49c0519f9b18c55030676138890bd (ETH/BSC). Total: ~3,443 ETH ($7.77M), ~36.85 BTC ($2.97M), ~96.6 BNB ($66K), plus smaller amounts across AVAX, DOGE, LTC, BCH, XRP.
6.
THORChain's solvency monitor detects abnormal vault balances. Node operators activate HALTTRADING, HALTSIGNING, HALTCHAINGLOBAL, and HALTCHURNING via Mimir governance within about one hour.
Mimir governance halt (block 26190429)

Root cause

The root cause is a cryptographic implementation flaw in THORChain's GG20 (Gennaro-Goldfeder 2020) threshold signature scheme. GG20 is a multi-party computation (MPC) scheme where t-of-n signers co-sign transactions without any single party ever holding the full private key. THORChain's implementation contained a flaw analogous to the TSSHOCK class of CVEs found in other TSS libraries. Partial key material (key shards) leaked during normal keygen and signing rounds. A malicious node could collect these leaked fragments over successive rounds until it had enough information to reconstruct the vault's complete ECDSA private key. Once reconstructed, the attacker forged valid outbound transactions indistinguishable from legitimate vault operations, bypassing all quorum checks. The flaw is architectural. It exists at the cryptographic protocol layer, not the smart contract layer, making it invisible to conventional Solidity-focused auditing.

Prevention analysis

Would a higher threshold (e.g., 67% instead of current) have prevented this?

Not directly. The flaw leaks key material during signing ceremonies regardless of the threshold parameter. A higher threshold increases the number of shards needed but doesn't eliminate the leakage vector. It would increase the time and signing rounds required for reconstruction.

Would proactive TSSHOCK patching have prevented this?

Likely yes. The TSSHOCK class of GG20 vulnerabilities was publicly disclosed before this incident. Had THORChain migrated to a patched GG20 implementation or an alternative scheme (e.g., FROST/EdDSA), the leakage vector would have been closed.

Would anomaly detection on signing behavior have given earlier warning?

Yes. The attacker participated in signing ceremonies for 48 hours. Behavioral monitoring of new nodes' signing patterns, detecting malformed zero-knowledge proofs or unusual round participation, could have flagged the node before full key reconstruction.

Would vault rotation after each churn have limited exposure?

Yes. If vault keys were rotated every churn cycle with fresh keygen, the attacker's accumulated partial key material would be invalidated. The 48-hour window would have been too short if key rotation occurred between the attacker's join and the exploit.

Similar incidents

Multichain (Anycall)

MPC key compromise leading to bridge drain. $126M lost from centralized MPC key extraction

Ronin Bridge

Validator key compromise enabling unauthorized withdrawals. 5 of 9 validator keys compromised

Harmony Horizon Bridge

2-of-5 multisig key compromise on cross-chain bridge. Private key extraction

Remediation

1.Patch GG20 TSS implementation to eliminate key material leakage during signing ceremonies (released as v3.18.1).done
2.Rotate all remaining Asgard vault keys to invalidate any partially leaked material from prior signing rounds.
3.Enforce a minimum churn-age requirement for new nodes before they can participate in active vault signing ceremonies.
4.Deploy signing-ceremony anomaly detection to flag nodes with unusual proof patterns during GG20 rounds.
5.Evaluate migration from GG20 to FROST (Flexible Round-Optimized Schnorr Threshold) signatures. FROST has stronger security guarantees against share leakage.
6.Add rate-limiting on outbound vault transactions and cross-vault balance monitoring with automatic halt triggers.
7.Fund user recovery through ADR-028 governance-managed treasury refund pool.

Timeline

2026-05-13Rogue node (thor16ucjv...cn84q) joins THORChain validator set via standard churn.
2026-05-13Attacker participates in GG20 signing ceremonies, collecting leaked key material over ~48 hours.
2026-05-15Attacker reconstructs Asgard vault private key and drains funds across 9 chains.
2026-05-15ZachXBT flags suspicious outbound transactions. Initial loss estimate at $7.4M.
2026-05-15THORChain solvency monitor detects abnormal vault balances. PeckShield revises estimate above $10M.
2026-05-15Node operators activate HALTTRADING, HALTSIGNING, HALTCHAINGLOBAL, HALTCHURNING via Mimir governance (~1 hour after detection).
2026-05-15Network halted for 12 hours 42 minutes starting at block 26190429.
2026-05-16THORChain confirms no user funds or LP positions were lost. Only protocol-owned vault assets affected.
2026-05-16Chainalysis links attacker to pre-staged laundering route via Monero, Hyperliquid, and Arbitrum.
2026-05-17Full incident analysis published. GG20 TSS vulnerability confirmed as root cause.
2026-05-18Patch v3.18.1 released to secure remaining vaults.
2026-05-19ADR-028 governance proposal initiated for treasury-funded recovery.
2026-05-20Recovery portal launched for affected users to check compensation and submit refund claims.
2026-05-21THORChain publishes formal exploit report confirming $10.7M breach by newly churned node.
Sources
trmlabs.comcryptotimes.iosecureshift.iocoindesk.comcryptotimes.iotheblock.cocryptotimes.ioambcrypto.comcryptoslate.comblockchain.news
ZachXBT (initial detection, address identification), PeckShield (loss estimation), TRM Labs (multi-chain tracing), Chainalysis (attacker wallet tracing, pre-attack activity mapping), THORSec (root cause analysis)
Continuous adversarial monitoring

Get your protocol scored across 12 dimensions, or request ongoing coverage.

Request ScoringView Plans