THORChain resumed full operations on Tuesday morning after a month-long halt triggered by a $10.7 million exploit in May. The protocol's official account announced the restart just before 3 a.m. ET, confirming that signing, churning, swaps, and liquidity-provider actions are all running again. RUNE was trading around $0.42 at the time, up 3.7% in the past 24 hours, according to CoinGecko.
The May Exploit and Fallout
The halt began on May 15 when one of six Asgard vaults was compromised, resulting in approximately $7.4 million in unauthorized transactions before the network stopped signing. Total losses reached $10.7 million as funds were drained across Bitcoin, Ethereum, BNB Chain, and Base vaults. On June 1, security startup V12 disclosed that it had reported a near-identical vulnerability to THORChain developers weeks before the breach, alleging the protocol silently applied a patch without paying the bounty and later told researchers the bounty program was permanently retired. V12 said it planned to release exploit code for additional unpatched bugs.
Systematic Recovery Process
The restart statement credited the six-week timeline to systematic verification rather than speed. Developers confirmed every vault and keyshare before reopening functions, according to the announcement. Node operators, the dev team, and the Maya Protocol team — which kept liquidity available during the downtime — were cited as contributors to the recovery. THORChain routes cross-chain swaps through liquidity pools without wrapped tokens or bridges, and the protocol describes itself as the leading Bitcoin DEX.
Upcoming Features
The restart post lists native Monero swaps as the next feature, with end-to-end testing complete and a live launch described as on the horizon. Zcash support follows close behind. Dynamic fees and deeper liquidity are also in progress, per the announcement.