THORChain
May 15, 2026
•[ cryptocurrency theft, vulnerability exploit, private key reconstruction ]
THORChain said a malicious newly churned node operator exploited a vulnerability in the GG20 threshold signature scheme on May 15, 2026, reconstructed a vault private key, and drained approximately $10.7 million from one vault across multiple blockchains. THORChain halted trading and signing operations as a defensive response after the exploit was identified. Public reporting did not identify the perpetrator by name or country.
