THORChain Network Paused Following Security Incident, Suspected GG20 TSS Vulnerability Exploited

KuCoinFlash

Release Time: 05/16/2026 09:25:45

RUNE

$0.4404-1.54%

Summary

THORChain halted operations following a security breach tied to a GG20 TSS vulnerability. A new node, thor16uc...cn84q, is suspected of leaking key material, enabling unauthorized withdrawals. Node operators paused the network, with RUNE transfers and on-chain monitoring expected to resume in 12 hours. Liquidity and crypto markets remain affected as transactions and LP operations are suspended. Recovery options include slashing the node’s stake, deploying protocol-owned liquidity, or implementing community-driven fixes. THORSec and Outrider are investigating, while the Treasury collects forensic data and coordinates with law enforcement. Full recovery may take several days. Risk-on assets face uncertainty as the incident underscores ongoing security challenges in decentralized finance.

Odaily Planet Daily report: THORChain posted on X that its developers have released an incident update on Discord. Current evidence points to a newly joined network node, thor16uc...cn84q, being associated with the attack, operated by a single malicious actor. The primary hypothesis is that the attacker exploited a vulnerability in the GG20 TSS implementation, causing the gradual leakage of sensitive key material from vault participants, ultimately enabling reconstruction of the vault’s private key and execution of unauthorized withdrawal transactions.

Regarding network status, the network has been paused after multiple node operators executed "make pause." RUNE transfers and on-chain observations are expected to resume within approximately 12 hours, but transactions, LP operations, signatures, and other sensitive actions remain paused.

The recovery plan under discussion includes slashing the collateral of affected nodes, absorbing losses through Protocol-Owned Liquidity (POL), or other community-driven solutions. THORSec and Outrider Analytics are continuing their investigation, while the Treasury is gathering forensic data and coordinating with relevant law enforcement agencies. Full functionality restoration is expected to take several days or longer.

Source:Show original

Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.