The attacker did not force their way in. They applied, waited, and were approved.

On May 15, 2026, a newly admitted node operator drained approximately $10.7M from one of THORChain’s five active vaults, exploiting a flaw in the cryptographic signing system the protocol had been planning to replace for months. The THORChain exploit sent RUNE sliding 15% within minutes, from around $0.58 to roughly $0.50, before the network locked itself down.

What made this breach different was not the dollar figure. It was the patience behind it.

The Discord Handle Nobody Flagged

A freshly created Discord account under the name “Dinosauruss” joined the THORChain Developer Discord on May 1, 2026. According to the official THORChain Exploit Report #1, published May 20, the account asked repeated questions about getting a node churned into the network, and appeared anxious when a routine delay pushed the timeline back by weeks.

On May 13, the node address later identified as thor16ucjv3v695mq283me7esh0wdhajjalengcn84q churned into the active validator set, bonded with approximately 635,000 RUNE split across two addresses. It was randomly assigned to one of the five vaults. For two full days, it did nothing suspicious. It simply participated in routine GG20 signing ceremonies, the exact process that would later be its weapon.

That preparation period matters more than most post-mortems have acknowledged.

The node was not exploiting anything during those two days of ceremony participation. It was collecting. THORChain’s GG20 Threshold Signature Scheme, which distributes vault key control across multiple independent node operators so no single party ever holds a full private key, became the vehicle for gradual key material leakage. Each signing round gave the malicious node another fragment. By May 15, it had enough to reconstruct the vault’s private key entirely.

What the Automatic Systems Caught, and What They Could Not

Once the attacker held the full private key, they bypassed the GG20 signing ceremony entirely. Unauthorized outbound transactions started leaving the vault across ETH, AVAX, BSC, BASE, DOGE, and GAIA.

THORChain’s solvency checker caught the divergence fast. The system, which continuously compares expected vault balances against actual on-chain holdings for every connected chain, flagged an imbalance exceeding the 1% tolerance threshold within minutes of the drain beginning. No human initiated this. The protocol halted signing and trading across six chains automatically.

But the proactive detection mode, the layer designed to refuse signing before a transaction renders a vault insolvent, had no opportunity to act. The attacker was not going through the ceremony. They were signing directly with a reconstructed key. The reactive layer caught the damage after the fact.
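The gap between the two layers can be shown with a small model. This is an added example, not THORChain's code: the `VaultMonitor` class, its method names and the balances are assumptions made for illustration, and only the 1% tolerance comes from the report as described above.

```python
from dataclasses import dataclass, field

TOLERANCE_BPS = 100  # the 1% tolerance from the article, in basis points


@dataclass
class VaultMonitor:
    expected: dict                      # chain -> balance the ledger says the vault holds
    observed: dict                      # chain -> balance actually seen on-chain
    halted: set = field(default_factory=set)

    def shortfall_bps(self, chain):
        exp = self.expected[chain]
        missing = max(exp - self.observed[chain], 0)
        return missing * 10_000 // exp if exp else 0

    def sign_outbound(self, chain, amount):
        """Proactive layer: only runs for outbounds requested through the ceremony."""
        if chain in self.halted or self.observed[chain] - amount < 0:
            return False
        if self.shortfall_bps(chain) > TOLERANCE_BPS:
            return False
        self.expected[chain] -= amount   # ledger debit
        self.observed[chain] -= amount   # funds leave on-chain
        return True

    def observe_spend(self, chain, amount):
        """An on-chain spend that never went through sign_outbound."""
        self.observed[chain] -= amount

    def scan(self):
        """Reactive layer: halt every chain whose shortfall exceeds tolerance."""
        breached = sorted(c for c in self.expected
                          if self.shortfall_bps(c) > TOLERANCE_BPS)
        self.halted.update(breached)
        return breached


def demo():
    # Constructed balances in base units; not figures from the incident.
    m = VaultMonitor(expected={"ETH": 1_000_000, "DOGE": 500_000},
                     observed={"ETH": 1_000_000, "DOGE": 500_000})
    signed = m.sign_outbound("ETH", 50_000)      # normal payout, both sides move
    clean = m.scan()                             # still solvent
    m.observe_spend("ETH", 5_000)                # small gap, inside tolerance
    small = m.scan()
    m.observe_spend("ETH", 200_000)              # direct spend, proactive layer never ran
    breached = m.scan()
    refused = not m.sign_outbound("ETH", 1_000)  # halted chain refuses to sign
    return signed, clean, small, breached, refused
```

The direct spend never reaches `sign_outbound`, so only `scan` can see it, and only once the balance has already dropped.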

On-chain investigator ZachXBT first flagged the suspicious outbound transactions publicly and initially estimated losses at $7.4M. The figure was later revised to approximately $10.7M after on-chain forensics linked the malicious node thor16ucjv3v695mq283me7esh0wdhajjalengcn84q to the Ethereum addresses that received the stolen funds, as the development team confirmed in its May 15 evening update.

Governance Moved Fast Enough to Matter

Within approximately one hour of the community raising the alarm, node operators stacked manual 720-block trading pauses through Discord coordination. Each additional node calling for a halt extended the pause window. Between 18 and 20 nodes participated, according to the report.

Formal Mimir governance votes followed in rapid succession:

HALTTRADING activated at block 26183438. HALTSIGNING at block 26183439. HALTCHAINGLOBAL at block 26183590. HALTCHURNING at block 26183849.

Churning was paused specifically to trap the malicious node inside the network and prevent any additional validators from entering during the response window. The four remaining vaults were unaffected. THORChain also confirmed the SOL pool was safe, as EdDSA-based chains are not vulnerable to this class of GG20 attack.

As THORChain posted on X:

“THORChain Exploit Report #1 is now live. Full timeline of the May 15 incident, how the security layers responded, and what comes next via ADR-028.”

Recovery Sits With the Community Now

Patch v3.18.1 was released as an immediate precautionary measure to protect the remaining vaults. All active node operators were asked to scale down Bifrost pods and upgrade before the full patch rollout.

Recovery of the lost funds will not be decided by the development team. It goes to community governance through ADR-028, THORChain’s Architecture Decision Record process. Proposals under discussion include bond slashing, protocol-owned liquidity absorption, and other community-submitted options. Whatever the vote lands on gets implemented in v3.19.

The development team, coordinating the investigation with Outrider Analytics and law enforcement, confirmed a strong technical understanding of the attack by May 18 but withheld specific details to allow other projects using GG20 cryptography time to protect their own systems first.

THORChain had been planning to move off GG20 toward a more modern signing scheme called DKLS since November 2025, when it engaged Silence Labs to build a custom implementation. That work was targeting Q1/Q2 2026 delivery. The exploit arrived before the transition completed.

The team’s current position, as stated in the May 18 update, is to remain on GG20 in the short term to restore network stability as quickly as possible before making longer-term cryptographic changes.

A second full technical report will be published once the investigation closes.