en
Back to the list

THORChain resumes trading more than a month after $10M exploit

source-logo  cointelegraph.com 1 h
image

THORChain has resumed activity after over a month of security verifications and upgrades, following a $10.7 million exploit that prompted a trading halt on May 15.

In a Tuesday X post, THORChain said it restored its network, including trading, signing, swaps and liquidity provider actions.

On Sunday, the protocol said it had confirmed the safety of most of its vaults through the KeyVerify protocol and retired the remaining legacy vaults as part of a migration to a new set of vaults. THORChain called the upgrade the “most significant milestone” in its recovery process. It also said it completed verification of every node's keyshare on Friday.

THORChain is one of the crypto industry's largest cross-chain trading protocols, enabling swaps between networks such as Bitcoin and Ethereum. The protocol has drawn scrutiny from blockchain investigators because hackers have used it to move stolen funds between blockchains.

Source: THORChain

THORChain ships security upgrades and migrates old vaults

THORChain attributed the exploit to a vulnerability in its GG20 threshold signature scheme, which is used to secure protocol vaults by distributing key control across multiple node operators. According to the protocol, the flaw allowed a malicious node operator to reconstruct a full private key through what it described as “progressive key material leakage,” enabling the theft of $10.7 million.

The protocol implemented an emergency patch on May 20 to protect the remaining vaults before releasing an upgrade on June 9, which included a fix for the exploited vulnerability. A follow-up upgrade was rolled out on June 11 with additional stability improvements and fixes to the KeyVerify protocol.

THORChain network overview, node upgrades. Source: THORChain Explorer

With the recovery process largely complete, THORChain has also outlined plans for new network integrations.

THORChain said it will launch native swaps and vaults for privacy-preserving cryptocurrency Zcash (ZEC) within the next two weeks, followed by Monero (XMR).

It also plans to launch support for the Bittensor (TAO) token in about six weeks after the network’s restart.

Magazine: 53 DeFi projects infiltrated, 50M NEO tokens could be ‘given back’: Asia Express

cointelegraph.com