Trading on @THORChain could resume in the coming weeks. Asaf from @sodabubblelabs says it wasn't an AI hack. The full restart timeline in this week's THORSday recap: 👇🏻 blog.thorchain.org/thorchain…

THORChain Incident Update #5 The devs and security teams are working hard to bring the network safely back online. The focus is on getting this right, without rushing any steps. Security and stability remain the top priorities. Nodes have upgraded to v3.18.1, which contained a patch and restores @RujiraNetwork's ability to manage credit accounts (borrow / repay). ADR028 has been approved by the nodes. The next major step is cutting and testing v3.19.0. Additional changes are being made to the release and will be tested on stagenet before moving to mainnet. The target is to have it on stagenet by EOD tomorrow, though an exact timeline is yet to be confirmed. Once finalised and pushed for mainnet adoption, all node operators are asked to upgrade as quickly as possible so the network can come back online safely and efficiently. With ADR028 now approved, the bounty is active, meaning the hacker has an open window to return a portion of the funds. The protocol will also cover the remaining loss using POL. The figures are still being defined and will be shared in a follow-up announcement. One important note: tss-lib has temporarily been moved to closed source for the next few weeks to allow THORSec to complete a full security audit without exposing ongoing remediation work. The repository will be reopened once this is complete. More updates coming soon. We appreciate the patience and support.

The "privacy" era in crypto has officially begun

Station is live. The wallet Terra users trusted is back, rebuilt as the world's first fully agentic wallet. This is a major step forward for Station: safer custody, a stronger foundation, and the beginning of a new multi-chain future. And as users come in, we’ll keep moving fast: listening to reports, fixing issues, and improving the experience every day. Jump into the new universe, download it and try it. Post on X. Share what you like, what felt confusing, or what needs improvement. Any feedback helps us iterate and improve faster Our devs are watching closely. Discord and telegram are open. Station is back. And we’re just getting started.

⚡ This Saturday on the THORChain Podcast | Ecosystem & Community Spotlight. @QuaiNetwork joins @KentonC137 and @patriotsounds live at 10AM EDT / 2PM UTC. Quai Network is building an energy-based monetary system where energy becomes money. Jump on stage and ask your questions live: riverside.com/studio/thorcha…

THORChain Incident Update #4 Following the events of May 15th, the community has been hard at work defining a path forward. ADR028 is now published and a vote is open for Node Operators. 🔹 The Recovery Plan 🔹 The protocol will absorb the loss first through Protocol-Owned Liquidity and the remainder is spread across synth holders (The exact split between the two is still being evaluated). By doing so, POL will be reduced to zero. The ADR proposes to redirect a portion of system income to replenish it over time. No new RUNE is minted, no RUNE is sold, and no holder is diluted. 🔹 The Technical Decisions 🔹 GG20 is kept in place for now, patched and upgraded. Trading resumes only after the vulnerability is patched and a successful churn has occurred. A slower, more security-conscious release cadence is also called for going forward. 🔹 The Slashing 🔹 Innocent nodes that end up being in the same vault as the attacker are protected. The attacker's node is slashed in full. The recovered RUNE is paired with whatever assets can be recovered from the affected vault, and any surplus RUNE is burned. 🔹 The White Hat Offer 🔹 The attacker is offered a bounty to return the funds. If funds are returned partially, the recovery plan rolls back proportionally. 🔹 Protocol Neutrality 🔹 THORChain remains neutral and permissionless. The attacker's swaps will not be censored once trading resumes. Node Operators are now voting on the overall direction and principles of this proposal. The figures in the ADR are indicative at this stage and will be adjusted later, notably via Mimir. The goal is to restart the network as soon as possible. A yes vote is a green light for developers to continue building in that direction. Full details of ADR028 gitlab.com/-/snippets/599292… For those who want to understand the full context of what happened, this article is for you: thorchain.org/blog/thorchain…

THORChain Exploit Report #1 is now live. Full timeline of the May 15 incident, how the security layers responded, and what comes next via ADR-028. thorchain.org/blog/thorchain…

THORChain incident update #3 The developers and THORSec teams have been hard at work throughout the weekend continuing the investigation to fully understand the events that took place, while also planning the road to recovery. It’s important to note that the investigation is still ongoing, and details may change in the coming days as we continue to gather information and adjust plans accordingly. At this time, the team has a strong understanding of what occurred and how the attack was executed, although they are not yet in a position to publicly discuss the technical details. What they can say is that the attack vector does not appear to be related to any currently known GG20 exploits, and at this stage are still assessing whether other GG20 implementations could also be at risk. The team will continue investigating this possibility and will coordinate with other affected teams as appropriate. We would like to thank the many cryptographers and security researchers who assisted throughout this process, including members of the team that originally developed GG20. The team currently expects to release version 3.18.1 tomorrow for node operators to adopt. We ask that all node operators upgrade to this release as soon as possible. There is also an open question regarding the best approach for handling the lost funds within the network. This will need to be discussed and ultimately decided by the community through governance. To facilitate this discussion, there’s a new channel in Discord called ⁠adr-028-tss-exploit-recovery . Before the network can return to a healthy state, nodes will need broad consensus on this ADR, after which the selected approach will be implemented as part of the 3.19 update. THORChads are encouraged to share well-structured and thoughtful proposals for the community to support or challenge. In the coming days, a vote will occur highlighting the most widely supported approaches for node operators to vote on. Regarding the future direction of the cryptographic systems used to secure the vaults, that discussion is still ongoing and requires additional research before any long-term decisions are made. For the immediate future, the team is currently leaning toward remaining on GG20 in order to restore network health and stability as quickly and safely as possible. Longer-term discussions around the future of THORChain’s cryptographic security model will continue once the network has stabilized. We are proud of how both the developer team and community have handled this situation. Everything will get running again as soon as possible, but the process will not be rushed. THORChain has a strong roadmap ahead, and devs are excited to return their focus to continuing to push the envelope of what this project can achieve. Onwards