The information provided on EL7.AI is for educational and informational purposes only and does not constitute financial advice.

CryptoUpdated×4•Originally published 22 May 2026•Updated 22 May 2026•

2 min read

THORChain Faces Security Backlash Following $10.7M Exploit

Key Facts

1THORChain faced criticism from security researchers after proposing to continue using its patched GG20 signing framework.

2The network suffered a $10.7 million exploit tied to the GG20 system prior to the fix proposal.

Amid rising concerns over decentralized protocol security, THORChain has faced widespread criticism from security researchers following its proposal to continue using a patched version of the GG20 signing framework. According to reports, the network suffered a $10.7 million exploit directly tied to the GG20 system prior to the current fix proposal. This controversy arrives at a critical juncture as the network attempts to rebuild user trust following a series of technical challenges.

These criticisms occur within a broader context where many DeFi projects are migrating to more modern frameworks like FROST or ROAST to avoid structural vulnerabilities in legacy systems. Per market data, infrastructure trust remains a primary driver of market capitalization, and the THORChain exploit has previously triggered notable selling pressure. Security experts suggest that merely "patching" vulnerabilities in the GG20 framework may be insufficient to prevent sophisticated future attacks.

12 days ago

Version History

Version 412 days ago

What changed: Added technical details regarding the exploit mechanism and the role of a malicious node.

Version 312 days ago

What changed: Added technical details regarding how the exploit occurred via private key reconstruction.

Version 212 days ago

What changed: Added an update paragraph regarding the commencement of the governance vote to restart the network.

Version 112 days ago

What changed: Added technical details regarding how the exploit occurred through private key reconstruction.

On the trading front, investors are monitoring network stability amid these technical pressures, noting the absence of immediate price data for linked assets in recent updates. Looking at the economic calendar, macro data such as Russia's inflation rate (5.6% YoY on May 15, 2026) or Japan's GDP growth (2.1% on May 18, 2026) could influence general risk appetite in the crypto market, warranting caution at current support levels.

Latest Updates · 4

Notable·22 May 2026 · 17:31
Update: Subsequent technical investigations revealed that the exploit was executed by leveraging a flaw in the GG20 threshold signature system, where a malicious operator node progressively leaked cryptographic material. This leakage allowed the attacker to reconstruct the vault's full private key, leading directly to the drainage of funds and confirming concerns regarding structural vulnerabilities in the framework.
Notable·22 May 2026 · 16:32
Update: Subsequent technical investigations revealed that the GG20 signing framework vulnerability was more severe than initially reported, allowing a malicious node to reconstruct the full private key to one of THORChain's vaults. This technical detail reinforces analyst concerns regarding structural weaknesses in the current framework.
Notable·22 May 2026 · 15:31
Update: The network has moved into a recovery phase as node operators began voting on governance proposal ADR028. This proposal seeks to formalize the technical steps required to restart the network and secure operations following the resolution of recent security vulnerabilities.
Notable·22 May 2026 · 15:30
Update: Subsequent technical investigations revealed that the GG20 vulnerability enabled a malicious node to reconstruct the full private key for one of the protocol's vaults. This structural flaw directly facilitated the $10.7 million theft, reinforcing researcher concerns regarding the safety of relying on patched versions of the same framework.