THORChain developers have confirmed a breach of the cross-chain protocol amounting to $10 million and denied the launch of a compensation program.
THORChain incident update #2
We have become aware of multiple fake accounts and false information circulating regarding “refunds”, “airdrops”, compensation claims, and other alleged initiatives.To be absolutely clear:
— Initial findings indicate that no user funds were…— THORChain (@THORChain) May 16, 2026
According to PeckShield, the attacker stole 36.75 BTC and approximately $7 million in EVM tokens across the Ethereum, BNB Chain, and Base networks.
Following the incident, the THORChain team suspended the protocol’s operations. Trading options, liquidity pool operations, and other “sensitive” actions became unavailable.
The main theory regarding the attack vector is that the perpetrator exploited a vulnerability in the GG20 TSS threshold signature scheme implementation, which allowed the leakage of confidential key information of the multisig vault participants. Over time, the hacker gathered enough data to reconstruct the private key and execute unauthorized outgoing transactions.
“The team continues to work on a comprehensive recovery and network relaunch plan. Returning to trading and full functionality will likely take several days or longer, depending on the complexity of the chosen remediation path,” the statement said.
The developers assured that user funds were not affected by the incident. They noted the emergence of numerous resources offering compensation.
“THORChain is currently not conducting any refund, airdrop, or compensation programs. Any account claiming otherwise is impersonating us or spreading misinformation,” the team emphasized.
One portal, allegedly launched on behalf of the THORChain Foundation, offers to connect the affected wallet for compensation. According to the statement, the “refund window” will close in 21 days. Commentators highlight that this is a scam and urge caution.
Back in April, a record number of hacks in the crypto industry were recorded in a single month. More than 20 incidents resulted in losses amounting to $651 million.