THORChain Proposes Recovery Plan After $10.7 Million Exploit

THORChain, a decentralized finance (DeFi) platform, has proposed a recovery plan after suffering a $10.7 million exploit on May 15. According to the plan, known as ADR028, the protocol will cover losses through Protocol-Owned Liquidity (POL) before distributing any remaining deficit among synthetic asset holders.

The incident occurred when a rogue node operator exploited vulnerabilities in THORChain's threshold signature scheme, which governs how vault keys are managed across its decentralized infrastructure. The attacker was able to reconstruct critical vault private keys, effectively picking the lock on the protocol's treasury.

Fortunately, THORChain's automated solvency checker caught the anomaly within minutes, and trading and signing operations were paused. Node operators coordinated to fully freeze the network within approximately two hours, preventing what could have been a significantly larger drain.