THORChain Halts Trading After $10.8M Exploit, Raises Concerns Over MPC Wallet Security

AMBCrypto

Summary
THORChain suspended trading activity on 15 May after a $10.7 million to $10.8 million exploit drained funds from one of its Asgard vaults. Ledger CTO Charles Guillemet pointed to a potential flaw in the GG20 TSS protocol used in MPC wallets. The protocol confirmed user funds remained untouched, and the investigation continues. Trading volume dipped sharply following the incident as the market reacted to the security breach.

THORChain halted trading and signing activity after one of its Asgard vaults was compromised in an exploit that drained roughly $10.7 million to $10.8 million, according to statements from the protocol and security researchers.

In an announcement posted on 15 May, THORChain said the network automatically detected abnormal activity and suspended signing operations to prevent additional outbound transactions.

The protocol said:

  • one of six Asgard vaults appears to have been compromised,
  • churn activity has been paused,
  • and node operators have been asked to review infrastructure, key management systems, and operational security for signs of compromise.

THORChain added that initial indications suggest user funds were not directly affected and that the losses appear limited to protocol-owned funds.

Ledger CTO points to possible TSS vulnerability

Charles Guillemet suggested the incident could involve a weakness tied to threshold signature scheme [TSS] infrastructure.

Referencing comments from THORChain contributor JP Thor, Guillemet said the exploit “could be a MPC exploit” involving GG20, a threshold signature protocol used in some multi-party computation [MPC] wallet systems.

THORChain’s vaults rely on TSS, a cryptographic system designed to allow multiple nodes to jointly produce signatures without reconstructing the full private key in one place.

However, Guillemet noted that earlier GG18/GG20-family protocols have historically faced critical vulnerabilities, including:

  • CVE-2023-33241,
  • and TSSHOCK.

He argued that in some previously documented attack scenarios, a single compromised co-signer could reconstruct enough information to recover the full signing key.
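The joint-signing property described above, as an added example that is not THORChain's code and not part of Guillemet's analysis: a toy Schnorr-style n-of-n signing round in a small prime-order group. The constants P, Q and G are constructed for illustration and are far too small for real use, and the scheme is not GG20 (which is an ECDSA protocol); it only shows the shape of the idea. Each node keeps its own share x_i and never learns the others'; the signature is assembled from partial signatures, and each partial is checked against that node's public share before it is accepted, so a malformed contribution is rejected rather than folded into the output.

```python
import hashlib
import secrets

# Toy group: P is a safe prime and Q = (P - 1) // 2 is the prime order of the
# subgroup generated by G (4 is a quadratic residue mod P, so it has order Q).
# Constructed for illustration only; nowhere near real-world sizes.
P = 1019
Q = 509
G = 4


def challenge(R: int, X: int, msg: bytes) -> int:
    """Fiat-Shamir challenge c = H(R || X || msg), reduced mod Q."""
    h = hashlib.sha256(f"{R}|{X}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % Q


class Node:
    """One signer. It holds only its own share x_i; the full key
    x = sum(x_i) mod Q is never computed by any party."""

    def __init__(self):
        self.x = secrets.randbelow(Q - 1) + 1   # private key share
        self.X = pow(G, self.x, P)              # public key share G^x_i
        self._k = None                          # per-signature nonce share

    def nonce_commit(self) -> int:
        """Round 1: publish R_i = G^k_i for a fresh nonce share k_i."""
        self._k = secrets.randbelow(Q - 1) + 1
        return pow(G, self._k, P)

    def partial_sign(self, c: int) -> int:
        """Round 2: s_i = k_i + c * x_i mod Q. The nonce is discarded after use."""
        s_i = (self._k + c * self.x) % Q
        self._k = None
        return s_i


class MalformedNode(Node):
    """A node that returns a corrupted s_i; used to show the partial check."""

    def partial_sign(self, c: int) -> int:
        return (super().partial_sign(c) + 1) % Q


def aggregate_pubkey(nodes) -> int:
    """Vault public key X = product of G^x_i = G^(sum x_i)."""
    X = 1
    for n in nodes:
        X = (X * n.X) % P
    return X


def verify_partial(node: Node, R_i: int, c: int, s_i: int) -> bool:
    """Accept s_i only if G^s_i == R_i * X_i^c, i.e. it matches node's share."""
    return pow(G, s_i, P) == (R_i * pow(node.X, c, P)) % P


def threshold_sign(nodes, msg: bytes):
    """Run one joint signing round and return (R, s).
    Raises ValueError if any node contributes a malformed partial."""
    X = aggregate_pubkey(nodes)
    commits = [n.nonce_commit() for n in nodes]
    R = 1
    for R_i in commits:
        R = (R * R_i) % P                       # R = G^(sum k_i)
    c = challenge(R, X, msg)
    s = 0
    for n, R_i in zip(nodes, commits):
        s_i = n.partial_sign(c)
        if not verify_partial(n, R_i, c, s_i):
            raise ValueError("malformed partial signature rejected")
        s = (s + s_i) % Q
    return R, s


def verify(X: int, msg: bytes, sig) -> bool:
    """Standard check: G^s == R * X^c."""
    R, s = sig
    c = challenge(R, X, msg)
    return pow(G, s, P) == (R * pow(X, c, P)) % P


def demo():
    """Sign with three honest nodes, then show a malformed fourth being rejected."""
    nodes = [Node() for _ in range(3)]
    X = aggregate_pubkey(nodes)
    msg = b"outbound transfer (constructed sample message)"
    sig = threshold_sign(nodes, msg)
    try:
        threshold_sign(nodes + [MalformedNode()], msg)
        rejected = False
    except ValueError:
        rejected = True
    return verify(X, msg, sig), rejected


if __name__ == "__main__":
    print(demo())
```

The verify_partial step is the simplest form of the discipline the article's historical attacks turn on: honest co-signers must check every value a peer contributes, during key generation and signing alike, rather than trusting it. Real TSS protocols replace this one equation with zero-knowledge proofs over far larger groups, but the failure mode when those checks are skipped or malformed proofs are accepted is the same in kind.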

AI-assisted attacks may be changing validator security assumptions

One of the more notable parts of Guillemet’s analysis focused on artificial intelligence and infrastructure security.

He warned that advances in LLM-assisted vulnerability discovery and exploit generation may reduce the difficulty of compromising validator infrastructure that was previously considered difficult to attack.

According to Guillemet, a potential attack scenario could involve:

  • compromising a validator,
  • waiting for it to join an active vault,
  • exploiting malformed signing proofs during key generation or signing,
  • and reconstructing vault keys offline.

At the same time, he cautioned that the exact root cause of the exploit remains unclear and said investigators have not yet confirmed whether a known GG20 weakness or a previously undiscovered flaw was involved.

Investigation remains ongoing

THORChain contributors said the investigation is still ongoing and that additional updates will be released as remediation efforts continue.

The incident adds to growing scrutiny around the security assumptions behind MPC and TSS infrastructure, which are increasingly used across cross-chain protocols, custody systems, and institutional crypto infrastructure.


Final Summary

  • THORChain halted trading after a vault exploit drained roughly $10.8 million from protocol-owned funds.
  • Security researchers and Ledger CTO Charles Guillemet said the incident may involve weaknesses tied to MPC/TSS signing infrastructure.

Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.