THORChain has launched a recovery portal for users affected by a $10 million exploit, enabling them to revoke malicious approvals and claim refunds. The treasury-backed refund pool matches the stolen amount, with 12,847 wallets across four chains affected. Users have 21 days to submit claims before funds roll over to the protocol’s insurance fund. The exploit targeted a vulnerability in THORChain’s GG20 threshold signature scheme. Investigations are ongoing, with law enforcement involvement.
THORChain has launched a recovery portal following a $10 million exploit, allowing affected users across four chains to revoke malicious approvals and claim refunds. THORChain has confirmed a $10 million exploit and launched a recovery portal , giving affected users a self-custodial path to revoke malicious token approvals and submit refund claims backed by a treasury-provisioned refund pool of equal size.the recovery portal , saying that “affected users are now able to check what they will be paid as compensation following the exploit.
” The portal, citing a PeckShield post-mortem, claims that the attack was detected at 02:14 UTC on May 11, when node operators flagged anomalous outbound transactions.within eight minutes. In total, attackers drained 36.75 BTC, worth around $3 million, and approximately $7 million in tokens across BNB Chain, Ethereum and Base, hitting 12,847 wallets across four chains. Affected users have 21 days to submit claims.
The refund window closes on June 4, after which any unclaimed allocation rolls over to the protocol’s insurance fund.the leading theory is that the attacker exploited a vulnerability in the GG20 threshold signature scheme implementation, which allowed sensitive vault key material to leak gradually. By accumulating enough of this leaked data over time, the attacker was able to reconstruct the vault’s private key and authorize unauthorized outbound transactions.
The protocol also noted that a newly churned node entered the network several days before the attack and is currently believed to be associated with it, with onchain links identified between the node’s bonding addresses and the wallets that received the stolen funds.
“The Treasury is actively collecting forensic data and coordinating with Outrider Analytics and relevant law enforcement agencies in an effort to identify the attacker and pursue recovery of stolen funds where possible,” the protocol wrote. Drift Protocol’s $280 million hack drove the bulk of the damage, together representing 82% of April’s losses and cementing DeFi as the most targeted sector.
The pattern of attacks points to a shift in how protocols are being compromised, with bridges, privileged access and operational failures increasingly at the root of major incidents rather than straightforward smart contract bugs. Vince Quill
Thorchain Exploit Recovery Portal Cryptocurrency Security
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Kalshi promo code NYPMAX: Trade $10, get $10 for Braves vs. CubsTrade $10, get $10 with the Kalshi promo code NYPMAX for Braves vs. Cubs on Thursday.
Read more »
Thorchain Exploited? Trading Paused Amid Risk of Enormous AttackTHORChain paused trading after a suspected exploit reportedly drained more than $10 million across multiple blockchains.
Read more »
Kalshi promo code NYPMAX: Trade $10, get $10 for the NBA PlayoffsNew bettors can use the Kalshi promo code NYPMAX to trade $10 and get $10 for the NBA Playoffs.
Read more »
Bet365 Offers $365 Bonus Bets for Blue Jays vs TigersGet $365 in bonus bets with a $10 wager in Michigan. Minimum $10 qualifying deposit required to activate the offer. Bonus bets expire seven days after being issued. Make a minimum $10 qualifying deposit, place a $10 wager, and receive $365 in bonus bets regardless of whether your bet wins or loses.
Read more »