THORChain
May 15, 2026
•[ cryptocurrency theft, vulnerability exploit, private key reconstruction ]
THORChain said a malicious newly churned node operator exploited a vulnerability in the GG20 threshold signature scheme on May 15, 2026, reconstructed a vault private key, and drained approximately $10.7 million from one vault across multiple blockchains. THORChain halted trading and signing operations as a defensive response after the exploit was identified. Public reporting did not identify the perpetrator by name or country.
At least one blockchain developer
January 22, 2026
•[ phishing, blockchain, credential theft ]
IT technicians and blockchain developers were targeted in a phishing campaign attributed to the NGB 3rd Technical Surveillance Bureau (KONNI/APT37), resulting in unauthorized access to end-user systems and the compromise of stored development and infrastructure credentials.
