THORChain has resumed full network operations more than a month after a $10.7 million exploit forced the protocol to halt trading and other key functions.
The crosschain liquidity protocol announced on Tuesday that trading, swaps, signing operations and liquidity provider activities are now fully restored following a lengthy security review and infrastructure upgrade process.
The restart is a step in THORChain’s recovery after the May 15 exploit, which exposed a weakness in the protocol’s vault security system and led developers to suspend activity while investigating the incident.
Trading is live again on THORChain.
After more than a month offline, the network is fully back. Signing, churning, secured and trade assets, LP actions, and swaps are all up and running. The world’s leading Bitcoin DEX is open for business once again.
This recovery was never…
— THORChain (@THORChain) June 23, 2026
How did the THORChain exploit happen?
According to THORChain, the attack was linked to a flaw in its GG20 threshold signature scheme, a technology designed to secure protocol vaults by splitting control of private keys among multiple node operators.
The vulnerability reportedly allowed a malicious node operator to gradually reconstruct a complete private key through what THORChain described as progressive key material leakage. The attacker ultimately used the weakness to steal approximately $10.7 million from the protocol.
Following the discovery, developers deployed an emergency patch on May 20 to secure remaining vaults and prevent further losses while work continued on a permanent fix.
Is the security upgrades enough for network restart?
The protocol spent several weeks conducting security checks before bringing the network back online. On Sunday, THORChain said it had verified the safety of most vaults using its KeyVerify protocol and retired all remaining legacy vaults as part of a migration to a new vault structure. The protocol described the migration as the most important stage of its recovery effort.
THORChain also confirmed that every node operator’s keyshare had been successfully verified. Earlier this month, developers released a major software upgrade that fixed the exploited vulnerability, followed by another update focused on stability improvements and enhancements to the KeyVerify system.
What’s next for THORChain?
With the recovery process largely complete, THORChain is moving its focus to increasing its network integrations. The protocol plans to launch native swaps and vault support for privacy-focused cryptocurrency Zcash (ZEC) within the next two weeks. Support for Monero (XMR) is expected to follow afterwards.
THORChain also said addition of Bittensor’s TAO token is scheduled for release in roughly six weeks, growing the range of assets available across its cross-chain trading ecosystem.
According to a PeckShield report, hackers stole $81.7 million from crypto platforms in May, highlighting an 87 per cent drop from April, when losses reached $646.89 million, the highest monthly total so far this year.
Enjoyed this? Bookmark DeFi Planet, explore related topics, and follow us on Twitter, LinkedIn, Facebook, Instagram, Threads and CoinMarketCap Community for seamless access to high-quality industry insights
Take control of your crypto portfolio with DEFI PLANET PRO, DeFi Planet’s suite of analytics.
