THORChain Network Halted: A Deep Dive into the Security Incident

The cross-chain liquidity protocol THORChain is currently grappling with a significant security breach that has forced a temporary shutdown of its network. Official communications indicate that a node recently integrated into the network was likely compromised by a malicious actor. Investigators suspect the attacker exploited a vulnerability related to the GG20 threshold signature scheme (TSS), gaining access to key material held by vault participants.

This access enabled the reconstruction of a vault's private key, leading to unauthorized withdrawal transactions. In response, the THORChain core team and node operators enacted emergency protocols, with multiple critical nodes voluntarily going offline. The entire network has been paused to prevent additional fund drainage.

Impact and Estimated Recovery Timeline

The incident has immediate consequences for users:

  • RUNE Transfers: A tentative restart is projected within approximately 12 hours, though the final timeline hinges on consensus among node operators.
  • Other Functions: Core operations like swapping, liquidity provisioning, and signing remain disabled.
  • Full Restoration: A complete recovery of all network functionality is expected to take several days, to allow for comprehensive audits and fixes.

Community-Proposed Recovery Pathways

Following the breach, the THORChain community initiated urgent discussions to chart a recovery course. Potential remedial actions under consideration include:

  • Slashing the stake of nodes implicated in the incident as a penalty for security lapses.
  • Evaluating and implementing other technical and governance improvements proposed by community members.
  • Conducting a thorough review and upgrade of the network's security protocols and node onboarding processes.

This event underscores the persistent security challenges within the decentralized finance landscape. The THORChain team has committed to a full investigation of the root cause and to implementing all necessary measures to fortify network defenses and safeguard user assets.