Malicious node operator and GG20 vulnerability behind THORChain security breach
A vulnerability in the GG20 system enabled a rogue node to piece together a complete private key to a THORChain vault, resulting in a $10.7 million security breach.

According to THORChain, a rogue node operator took advantage of a security flaw in the protocol's GG20 threshold signature system, successfully draining approximately $10.7 million from a single vault belonging to the platform.
THORChain's vaults are protected using the GG20 threshold signature scheme, which distributes key control among numerous node operators, ensuring that under normal circumstances, no individual node possesses the complete private key.
According to a post-mortem analysis published on Wednesday, the security weakness enabled the rogue node operator to piece together a complete private key for a single vault through what the protocol described as "progressive key material leakage."
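To make the threshold property concrete, the following is an added illustration and not THORChain or GG20 code: a plain Shamir secret sharing over the secp256k1 group order (an assumption, since GG20 is an ECDSA protocol; real GG20 never recombines shares but signs with them interactively, and the breach described above amounted to one party accumulating enough material to recombine). The example shows that any three of five shares recover the secret, while two do not.

```python
import secrets

# Constructed constant: the order of the secp256k1 group, assumed here as the
# field in which ECDSA key shares live. Any prime would do for the demonstration.
SECP256K1_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split_secret(secret, threshold, n_shares, order=SECP256K1_ORDER, rng=secrets.randbelow):
    """Shamir split: pick a random polynomial f of degree threshold-1 with f(0) = secret
    and hand node i the point (i, f(i)). No single point determines f(0)."""
    if not (1 <= threshold <= n_shares < order):
        raise ValueError("need 1 <= threshold <= n_shares < order")
    coeffs = [secret % order] + [rng(order) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, n_shares + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod order
            y = (y * x + c) % order
        shares.append((x, y))
    return shares


def reconstruct(shares, order=SECP256K1_ORDER):
    """Lagrange interpolation at x = 0. Correct only when at least `threshold`
    distinct shares are supplied; fewer shares interpolate a different polynomial."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % order
                den = (den * (xi - xj)) % order
        total = (total + yi * num * pow(den, -1, order)) % order
    return total


def threshold_demo(threshold=3, n_shares=5):
    """Split a random secret and report which subsets of shares recover it."""
    secret = secrets.randbelow(SECP256K1_ORDER)
    shares = split_secret(secret, threshold, n_shares)
    return {
        "t_shares_recover": reconstruct(shares[:threshold]) == secret,
        "other_t_shares_recover": reconstruct(shares[-threshold:]) == secret,
        "t_minus_1_shares_recover": reconstruct(shares[: threshold - 1]) == secret,
    }


if __name__ == "__main__":
    print(threshold_demo())
```

The point for a defender is the last line of the result: with fewer than the threshold, reconstruction returns a value unrelated to the key, so the scheme is only as strong as the guarantee that no party ever collects threshold-many shares' worth of information, whether directly or through leakage across signing rounds.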
According to THORChain, the platform's automated solvency monitoring systems activated within minutes of the breach and immediately suspended signing operations and trading activities across multiple blockchain networks without requiring human input. Following this initial automated response, node operators communicated through Discord channels to execute a complete network shutdown within two hours and successfully implemented a security patch addressing the vulnerability.
The detailed post-mortem analysis demonstrates that the protocol's automated solvency monitoring mechanisms operated as designed and prevented the attacker from extracting additional funds. This comprehensive report was published approximately one week after blockchain security researcher ZachXBT initially identified the $10 million security breach, which was quickly followed by THORChain's announcement of a complete suspension of all trading and signing operations.
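The monitoring described above can be sketched as a reconciliation between what the protocol's own accounting says a vault holds and what the chain clients report. The following is an added example, not THORChain's monitor: the balances, the chain and asset names, the tolerance in basis points, and the decision to halt signing globally while halting trading only on the affected chains are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class VaultBalance:
    chain: str
    asset: str
    expected: int   # balance the protocol's accounting attributes to the vault (base units)
    observed: int   # balance a chain client reports for the vault address (base units)


def shortfall_bps(v):
    """Shortfall as basis points of the expected balance; 0 when nothing is missing."""
    if v.expected <= 0:
        return 0
    deficit = max(v.expected - v.observed, 0)
    return deficit * 10_000 // v.expected


def solvency_check(balances, tolerance_bps=50):
    """Flag every vault balance whose shortfall exceeds the tolerance (fees and dust
    cause small, benign differences). Any insolvency halts signing everywhere, because
    the vault key is shared across chains; trading is halted only where funds are missing."""
    insolvent = [v for v in balances if shortfall_bps(v) > tolerance_bps]
    return {
        "halt_signing": bool(insolvent),
        "halt_trading_chains": sorted({v.chain for v in insolvent}),
        "insolvent": [(v.chain, v.asset, shortfall_bps(v)) for v in insolvent],
    }


# Constructed sample snapshot: one chain has lost most of its native balance.
SAMPLE_BALANCES = [
    VaultBalance("BTC", "BTC", 1_000_000_000, 999_990_000),          # 0.001% short: fee dust
    VaultBalance("ETH", "ETH", 2_000 * 10**18, 500 * 10**18),        # 75% missing
    VaultBalance("ETH", "USDC", 5_000_000 * 10**6, 5_000_000 * 10**6),
    VaultBalance("GAIA", "ATOM", 100_000 * 10**6, 100_000 * 10**6 + 5),
]


if __name__ == "__main__":
    print(solvency_check(SAMPLE_BALANCES))
```

Running it on the sample snapshot halts signing and flags trading on the ETH chain only; the one-sat Bitcoin discrepancy stays below the tolerance and is ignored.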
This security breach contributes to a growing wave of cryptocurrency exploits, which collectively drained over $634 million throughout April, based on data compiled by DefiLlama.
THORChain weighs recovery path without RUNE sales
On Friday, THORChain announced that the recovery strategy following the exploit would be decided through community consensus and released governance proposal ADR-028, which is currently accepting votes from node operators.
Under the terms of the proposal, THORChain would initially absorb losses using protocol-owned liquidity, then distribute any remaining shortfall among synth holders. While this approach would completely deplete the protocol-owned liquidity, it includes provisions to redirect a percentage of future protocol income toward replenishing these reserves gradually, all while avoiding the minting or selling of any THORChain (RUNE) tokens.
Additionally, THORChain extended a recovery bounty offer for the return of the misappropriated funds and announced plans to slash the attacking node while simultaneously safeguarding innocent nodes that happened to be grouped in the same vault with the malicious operator.
The ADR-028 proposal recommends keeping the current GG20 TSS framework, with patches and upgrades, and states that trading would only resume once the security vulnerability has been completely resolved. The decision drew mixed reactions from observers in the cryptocurrency industry.
Bird, a pseudonymous cryptocurrency project analyst, suggested that the original vulnerability indicates the GG20 TSS signing stack contains a "flaw in randomness generation or local signing isolation," while simultaneously commending THORChain's automated safeguard mechanisms for successfully minimizing the extent of damage caused by the exploit.
Some industry observers expressed stronger criticism regarding the decision. Crypto investor JP wrote in a Wednesday post on X: "My mental model is that GG20 has many brittle assumptions. You can keep patching it, but it will forever be a bit of a black box."
Data from CoinMarketCap indicates that the RUNE token experienced a 15.5% price decline during the week immediately following the security breach, though it managed to stage a 4% price recovery in the 24-hour period ending at 11:00 a.m. UTC on Friday.