Notice: Technical analysis of the THORChain Asgard vaults exploit on May 15, 2026. This does not constitute financial or security advice. Data verified as of the close of May 28, 2026, based on the official THORChain post-mortem (May 21) and independent analysis by security researcher Banteg. CleanSky does not receive commissions or payments for mentioning THORChain or any other cited protocols.

On May 15, 2026, a single malicious node reconstructed the private key of a THORChain vault and drained approximately $10.8 million spread across nine chains simultaneously. There was no oracle manipulation or smart contract bug: the attacker broke the very cryptography that distributes control of funds among dozens of validators. What was truly remarkable came afterward. The protocol that for years presented itself as "unstoppable" halted its signatures within minutes and froze the entire network for nearly 13 hours through a coordinated governance decision, ensuring zero losses for end users without minting a single new RUNE. It left an uncomfortable question served on a silver platter: if a handful of operators can shut everything down in minutes, are we talking about real decentralization or a central point of control with good marketing?

What exactly happened to THORChain on May 15?

THORChain is a cross-chain liquidity protocol: it allows for the exchange of, for example, native Bitcoin for native Ethereum without going through a centralized exchange and without wrapping the asset in a synthetic token. The funds that make every swap possible live in reserves that the protocol calls Asgard vaults.

On May 13, an operator entered the validator set with a node prepared to attack. For two days, that node participated in the protocol's normal signing ceremonies while slowly leaking fragments of the key that controls one of the vaults. By May 15, it had enough material to reconstruct the full private key of that vault—which held approximately one-fifth of all protocol funds—and sign valid outgoing transfers on its own.

The result: approximately $10.8 million left the vault across nine different chains (Bitcoin, Ethereum, BNB Chain, Base, Avalanche, Dogecoin, Litecoin, Bitcoin Cash, and XRP) without any defense system being able to stop the signatures in time, because in the eyes of the protocol, those signatures were legitimate. The attacker had the real key.

What is an Asgard vault and how is its key distributed?

Imagine a safe whose door doesn't open with a single key, but with several distributed among dozens of people; a minimum number of them must provide their keys at the same time. No one can open it alone, and if one person disappears, the safe continues to function with the others. That is, conceptually, an Asgard vault: control is not held by a single custodian, but distributed among many node operators.

The technology that makes this possible is called threshold signature (TSS): each node stores only a key share, never the entire key, and a quorum of shares is needed to authorize any outflow of funds. The full private key, in theory, does not exist on any computer at any time—it is mathematically reconstructed only during the moment of signing and then disappears.

The security promise is forceful: even if an attacker compromises a node, or several, they gain nothing useful as long as they do not reach the quorum. This is why the THORChain case is so striking. The attacker did not gather the quorum: they tricked the honest nodes into handing over, round by round, the missing pieces.

How did the attacker break a threshold signature without gathering a quorum?

THORChain implements threshold signatures with its own variant (a fork) of Binance's tss-lib library, which applies the cryptographic protocol known as GG20. That is where the crack lies.

According to independent analysis by security researcher Banteg, the THORChain fork omitted a security check that the original design requires: when a node joins, it must mathematically prove—with a proof that reveals no secrets—that the cryptographic parameters it provides are well-formed. This is a "soundness" verification of a component called the Paillier modulus. In the standard recipe, it is mandatory; in THORChain's modified version, it was not executed.

The analogy: think of the signing ceremonies as meetings where each participant puts their piece of the secret inside a locked box and passes it to the others for a joint calculation, trusting that everyone's box is real and not a trap. The soundness proof is the guard who checks that each participant's box is legitimate before letting them in. THORChain removed the guard. The attacker showed up with a manipulated "box" and, every time the honest nodes put their piece inside to collaborate on a signature, that rigged box leaked a tiny bit of each person's secret to them.

Repeated over two days and many signing rounds, this drip—researchers describe it as progressive leakage of key material—was enough for the attacker to accumulate the missing pieces and reconstruct the full private key of the vault by themselves. From that point on, the malicious signatures were indistinguishable from legitimate ones: they had the authentic key.

The important nuance is that this was not a failure of the threshold signature concept, but of an implementation that cut a safeguard. It is cryptographic debt: a complex library, a fork without full test coverage, and an omitted detail that no one exploited for years until someone finally did.
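To make the "guard at the door" concrete, here is an added example, not code from THORChain, tss-lib or Banteg's analysis. It implements one classical well-formedness proof for a Paillier modulus: the prover must return an N-th root for every public challenge, which is only possible when gcd(N, φ(N)) = 1. Assumptions: the page does not say which proof the fork skipped, so this stands in for that class of check, and the function names, round count and demo primes are constructed for illustration.

```python
import hashlib
from math import gcd

ROUNDS = 16  # a malformed modulus survives each round with probability <= 1/2

def challenges(n):
    """Public challenges x_i in Z_n*, derived from n so nobody can choose them."""
    out, ctr = [], 0
    nbytes = (n.bit_length() + 7) // 8 + 8
    while len(out) < ROUNDS:
        digest = hashlib.shake_256(f"{n}:{ctr}".encode()).digest(nbytes)
        x = int.from_bytes(digest, "big") % n
        ctr += 1
        if x > 1 and gcd(x, n) == 1:
            out.append(x)
    return out

def prove(n, order):
    """Prover: an n-th root of every challenge, computed from the secret order."""
    m = pow(n, -1, order)  # exists only if gcd(n, order) == 1
    return [pow(x, m, n) for x in challenges(n)]

def verify(n, roots, min_bits=2048):
    """Verifier: accept n only if every challenge has a valid n-th root."""
    if n % 2 == 0 or n.bit_length() < min_bits or len(roots) != ROUNDS:
        return False
    return all(0 < y < n and pow(y, n, n) == x
               for x, y in zip(challenges(n), roots))

# Constructed demo primes (Mersenne); a real Paillier modulus is ~2048 bits.
P, Q = 2**61 - 1, 2**89 - 1

def demo():
    good = P * Q  # well-formed: gcd(n, phi(n)) == 1
    accepted = verify(good, prove(good, (P - 1) * (Q - 1)), min_bits=128)
    bad = P * P * Q  # malformed: P divides phi(n), so most n-th roots do not exist
    # No inverse of n modulo phi(bad) exists; this is the closest a prover
    # can get, and the answers fail verification.
    rejected = not verify(bad, prove(bad, (P - 1) * (Q - 1)), min_bits=128)
    return accepted, rejected

if __name__ == "__main__":
    print(demo())
```

A node that skips `verify` when a peer registers its modulus accepts both `good` and `bad` alike, which is the gap the article describes.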

How much was the loot and how was it distributed by chain?

The attacker consolidated the funds into a handful of addresses. On Ethereum-compatible chains, almost all the loot ended up at the address 0x82fc0d…54eb; on Bitcoin, at bc1ql4u…6f37. The approximate breakdown of the extracted value:

| Chain | Assets | Approximate Value |
|---|---|---|
| Ethereum | ETH + ERC-20 tokens | ~$4.3 M |
| Bitcoin | Native BTC (~36.75 BTC) | ~$3.0 M |
| BNB Chain | BNB + BEP-20 tokens | ~$1.8 M |
| Base | ETH + EVM tokens | ~$0.9 M |
| AVAX, DOGE, LTC, BCH, XRP | native assets | ~$0.8 M |
| Total | | ~$10.8 M |

The malicious node operated from the validator address thor16ucjv…cn84q. Unlike the Echo case on Monad—where the attacker minted 77 million nominally but could only monetize $816,000 because there was no liquidity to sell—here the nominal damage and the real damage coincide: the attacker did not need a market to sell anything. They took real, exchangeable assets directly from the vault. That is why the $10.8 million was truly lost, without the "accidental firewall" of illiquidity.

How did THORChain manage to stop in minutes?

THORChain's defense system constantly monitors one very simple thing: what the protocol believes it has versus what is actually there on each external chain. It is an automatic solvency check, a kind of permanent cash audit. When the real balances began to drop without legitimate operations to justify it, alerts went off automatically: just minutes after the drain began, that verification caused the communication layer with external chains (Bifrost) to stop signing transactions automatically, without any human pressing a button. This protected the vaults that were not yet compromised.
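The comparison described above, sketched as an added example that is not THORChain's or Bifrost's code. Assumptions: the function names, the tolerance, the notion of "in-flight" outbounds (transfers the protocol itself scheduled but has not yet booked) and all balances are constructed for illustration. A chain with no fresh observation is treated as failing the check.

```python
from decimal import Decimal as D

def unexplained_shortfalls(ledger, onchain, in_flight, tolerance=D("0.0005")):
    """Return {(chain, asset): shortfall} for every vault balance that is lower
    on-chain than the ledger says, beyond what in-flight outbounds explain.
    A value of None means the balance could not be observed (fail closed)."""
    findings = {}
    for key, booked in ledger.items():
        seen = onchain.get(key)
        if seen is None:
            findings[key] = None
            continue
        gap = booked - in_flight.get(key, D(0)) - seen
        if gap > booked * tolerance:
            findings[key] = gap
    return findings

def chains_to_halt(findings):
    """Chains on which the signer should stop producing outbound signatures."""
    return sorted({chain for chain, _asset in findings})

# Constructed sample state (not real THORChain balances).
LEDGER = {
    ("BTC", "BTC"): D("180.00"),
    ("ETH", "ETH"): D("5000.0"),
    ("DOGE", "DOGE"): D("1000000"),
}
ONCHAIN = {
    ("BTC", "BTC"): D("143.25"),   # lower than booked, nothing scheduled
    ("ETH", "ETH"): D("4998.8"),   # lower, but fully explained below
    # DOGE: observer returned nothing this round
}
IN_FLIGHT = {("ETH", "ETH"): D("1.2")}

if __name__ == "__main__":
    found = unexplained_shortfalls(LEDGER, ONCHAIN, IN_FLIGHT)
    for key, gap in found.items():
        print(key, "unobserved" if gap is None else f"shortfall {gap}")
    print("halt signing on:", chains_to_halt(found))
```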

What followed was no longer automatic, but human and coordinated. Validators organized through their communication channels, confirmed the attack vector, and, within hours, reached a consensus to perform a coordinated halt: completely freezing the state of the network. A halt is exactly what it sounds like—shutting down the consensus machine so it processes absolutely nothing, not a single swap. The freeze lasted 12 hours and 42 minutes (from blocks 26190429 to 26191149), the time developers needed to compile, test, and deploy an emergency patch, thornode v3.18.1, which plugged the leak.

| Time | Event |
|---|---|
| May 13 | Malicious node enters the validator set |
| May 13–15 | Progressive leakage of key fragments during each signature |
| May 15, hour 0 | Vault drain across 9 chains |
| + minutes | Solvency check stops signatures (automatic) |
| + hours | Coordinated halt: total freeze for 12 h 42 min |
| During halt | Emergency patch thornode v3.18.1 |
| May 21 | Official post-mortem + ADR-028 recovery proposal |
| Jun 4 | Closing of the 21-day recovery portal window |

How was the money recovered without issuing new RUNE?

Here THORChain did something that deserves recognition: it resolved a $10.8 million hole without printing tokens. The usual temptation after a hack is to mint new native assets to fill the gap, which dilutes all holders and usually sends the price into a downward spiral. THORChain expressly prohibited this in its recovery plan, governance proposal ADR-028.

The plan distributed the hit in this order:

  • First, the POL. POL (protocol-owned liquidity) is the capital that the protocol itself owns in its pools, as opposed to what users provide. It functions as the house's reserve cushion. These reserves absorbed the first round of losses, being exhausted as a priority so as not to affect anyone else.
  • Next, synthetic holders. The residual deficit that the POL did not cover was distributed among synth holders (holders of the protocol's synthetic assets), not among traditional liquidity providers.
  • Replenishment without dilution. To refill the POL over time, the protocol redirects a fraction of future swap revenue to rebuild those reserves. No new RUNE is minted or sold at any time.
  • Punishing the attacker. The protocol confiscated (slashed) the entire RUNE bond that the malicious validator had deposited to operate, while protecting honest validators who shared the vault and had nothing to do with it.

For directly affected retail users, a recovery portal with $10 million from the treasury was enabled with a 21-day window—until June 4, 2026—to revoke malicious approvals and claim compensation. The final result was zero loss for end users: anyone who had funds in THORChain recovered them.

Is this real decentralization or a central kill switch?

This is the editorially interesting question, and it has no comfortable answer. THORChain has marketed itself for years as a neutral and unstoppable infrastructure that does not censor transactions and cannot be shut down by anyone. On May 15, a coordinated group of operators shut it down entirely in hours.

Both interpretations are legitimate and opposite:

The optimistic view: a decentralized system that can stop itself in an emergency, without a CEO or a central committee giving the order, and resolve the damage internally without harming its users, is more robust, not less. The initial halt was automatic; the freeze was the result of consensus among independent operators—decentralized self-regulation working live, exactly what the sector needs to demonstrate as regulatory pressure grows in the US to subject DeFi to oversight.

The critical view: if a quorum of validators can freeze the network, rewrite who assumes losses, and open a compensation portal, then that quorum is a point of control. Today they used it for something good; the same capability can be used to censor an inconvenient transaction or yield to a court order. The protocol is "unstoppable" until its operators decide otherwise.

The practical truth is that almost all relevant DeFi has this button somewhere, even if their marketing says otherwise. THORChain's merit is having used it with transparency and in favor of the user. The underlying risk is that the button exists, and who controls it matters as much as the code being audited.

Why is THORChain such a recurring target?

The exploit does not happen in a vacuum. THORChain carries a heavy reputation: because of its philosophy of neutrality and censorship resistance, its liquidity has served as a laundering channel for groups linked to North Korea. It is confirmed that it moved part of the $1.5 billion stolen from Bybit in 2025, attributed to the Lazarus group—the context we developed in our analysis on whether THORChain's passivity toward illicit funds is complicity or neutral code.

And the incident is part of a brutal streak. In April 2026 alone, losses from exploits in the sector exceeded $600 million, with cases like KelpDAO ($292 million) and Drift ($285 million). The constant of 2026 is the same one we have been documenting: the weak link is rarely the logic of the audited contract; it is the governance layer, the keys, and, as seen here, the cryptography of the cross-chain infrastructure itself.

What can the reader monitor live after this case?

An exploit of this nature is frozen data: it happened, it was patched, it was reported. What changes day to day is the risk that remains alive around cross-chain liquidity. Three checks with real-time data, instead of relying on a screenshot from weeks ago:

  • The peg of Bitcoin wrappers. THORChain moves native BTC between chains, but much of the BTC circulating in DeFi is wrapped BTC. Check live if the main Bitcoin wrappers maintain their 1:1 parity or are deviating in our BTC wrappers monitor.
  • Comparative bridge risk. The vector of this hack is, fundamentally, the risk of all cross-chain infrastructure. Before moving funds between chains, compare security models and bridge track records in our bridge comparator.
  • The health of stablecoins and ETH wrappers that touch these same bridges, in the stablecoin monitor and the ETH wrappers monitor.

What are the lessons from the case?

The Asgard vaults exploit leaves three conclusions. The technical one: threshold cryptography is only as strong as its weakest implementation—a fork that cuts a single soundness proof turns a mathematical safeguard into an open door for years, and auditing contracts is not enough if no one audits the signing library with the same rigor. The operational one: response speed mattered more than prevention; THORChain did not prevent the theft, but contained it in minutes and resolved it with zero user losses, without diluting its token. And the most uncomfortable one: the same power that saved users on May 15 is a point of control that contradicts the "unstoppable" narrative. RUNE fell between 12% and 15% in the following 24 hours, not because of the money lost—it was recoverable—but because of that contradiction. The next time a cross-chain protocol tells you that no one can shut it down, the right question isn't whether it's true. It's: if they could, would you want them to be unable to?

Sources and links: THORChain · THORChain Documentation (ADR-028) · Rekt.news (exploit coverage) · tss-lib (Binance) · Etherscan (on-chain tracking) · THORChain Network (dashboard)
