THORChain lost roughly $10.7 million on May 15 after a rogue node operator exploited vulnerabilities in the protocol’s threshold signature scheme. Now the project has a plan to make things right, and it doesn’t involve printing more tokens.
The recovery proposal, known as ADR028, commits to covering losses through Protocol-Owned Liquidity first, with any remaining shortfall distributed proportionally among synthetic asset holders. No new RUNE will be minted or sold. For existing holders, that’s the detail that matters most.
What happened and how it was stopped
The attacker was a newly churned node operator who had entered the THORChain network just two days before the exploit. That brief window was enough to carry out an attack targeting the GG20 Threshold Signature Scheme, the cryptographic system that governs how vault keys are managed across THORChain’s decentralized infrastructure.
In English: THORChain uses a system where multiple node operators collectively control vault keys, so no single party can access funds alone. The attacker found a way to reconstruct critical vault private keys through vulnerabilities in this system, effectively picking the lock on the protocol’s treasury.
