THORChain Opens Refund Portal After $10M Hack

Share This Post

THORChain has confirmed a $10 million exploit and launched a recovery portal, giving affected users a self-custodial path to revoke malicious token approvals and submit refund claims backed by a treasury-provisioned refund pool of equal size.

In a Saturday post on X, THORChain Foundation introduced the recovery portal, saying that “affected users are now able to check what they will be paid as compensation following the exploit.”

The portal, citing a PeckShield post-mortem, claims that the attack was detected at 02:14 UTC on May 11, when node operators flagged anomalous outbound transactions. Trading and outbound signing were paused within eight minutes. In total, attackers drained 36.75 BTC, worth around $3 million, and approximately $7 million in tokens across BNB Chain, Ethereum and Base, hitting 12,847 wallets across four chains.

THORChain’s recovery portal. Source: THORChain

Affected users have 21 days to submit claims. The refund window closes on June 4, after which any unclaimed allocation rolls over to the protocol’s insurance fund.

Related: Russia-linked crypto exchange Grinex halts trading after $14M hack

How THORChain was drained

In an incident update, THORChain said the leading theory is that the attacker exploited a vulnerability in the GG20 threshold signature scheme (TSS) implementation, which allowed sensitive vault key material to leak gradually. By accumulating enough of this leaked data over time, the attacker was able to reconstruct the vault’s private key and authorize unauthorized outbound transactions.

The protocol also noted that a newly churned node entered the network several days before the attack and is currently believed to be associated with it, with onchain links identified between the node’s bonding addresses and the wallets that received the stolen funds.

“The Treasury is actively collecting forensic data and coordinating with Outrider Analytics and relevant law enforcement agencies in an effort to identify the attacker and pursue recovery of stolen funds where possible,” the protocol wrote.

Related: Law enforcement freezes $41M connected to $150M crypto Ponzi collapse

Crypto hack losses hit $630 million in April

Crypto hacks surged in April, with total losses reaching $629.7 million, the worst month for the industry since February 2025, when $1.47 billion was stolen. KelpDAO’s $293 million exploit and Drift Protocol’s $280 million hack drove the bulk of the damage, together representing 82% of April’s losses and cementing DeFi as the most targeted sector.

The pattern of attacks points to a shift in how protocols are being compromised, with bridges, privileged access and operational failures increasingly at the root of major incidents rather than straightforward smart contract bugs.

Magazine: AI-driven hacks could kill DeFi — unless projects act now

Related Posts

Aave logs biggest network-growth day in nearly 5 years as DeFi interest returns

Several threads are feeding the attention. Aave is rolling...

Bitcoin’s 20% June crash looks even deadlier on the charts. Here’s why

Bitcoin BTC$58,725.99 fell by 20% to under $60,000 in...

Open Standard Unveils Open USD, a Bank- and Tech-Backed Stablecoin Governed by Its Users

A consortium of more than 140 financial and technology...

Former Goliath CEO Pleads Guilty to Crypto Fraud, Money Laundering

Former Goliath Ventures CEO Christopher Alexander Delgado pleaded guilty...

OKX launches AI Marketplace for Autonomous Agent Economy

Cryptocurrency exchange OKX has rolled out the beta launch...

Trump’s Crypto Income Beats Real Estate in 2025

US President Donald Trump’s cryptocurrency ventures generated more income...