Attackers exploited a GG20 TSS weakness in one of THORChain's six Asgard vaults to drain ~$10.7M; the network paused for 39 days and fully compensated users.
On May 15, 2026, attackers exploited weaknesses in THORChain's GG20 threshold signature scheme (TSS) infrastructure, targeting one of six Asgard vaults and draining approximately $10.7M. The network was paused for 39 days and reopened on June 23, 2026. While the funds themselves were not recovered, 100% user compensation was completed.
No laundering activity observed. Funds not recovered, but users were fully compensated by the protocol.
N/A