Many thanks, this means a lot to me!🫡

Hey, @THORChain & @RujiraNetwork weekly recap is up! We are almost ready to go back online, with some Rujira updates, & we also had amazing podcast episodes with @TheDesertLynx @BooneW, & on Saturday with @HydratedGoose & @DrFuture8000 from @zephyr_org youtu.be/Q4HPu0dLzdo?si=eAVK…

Yeah… Anyway, TC still finding its footing in this brave new world with AI lurking and being weaponized both in attacks but, more frustratingly, in the constant submission of AI slop spam. I will work with core team and the ecosystem to get TC’s security posture up to par, but it will undoubtedly look different than the previous L1 landscape of bug bounties via platforms, they became literally unusable. How to filter the noise is now an important problem to solve, and how to manage submissions in a trustless environment also. The role of security researchers will also evolve, but the threatening recourse breaking responsible disclosure is not the path. On the other hand, apologies to the honest, hard working contributors and researchers who’ve had a negative experiences in the past, please reach out to me if there is something to address from the past honorably. For now, I am aware of x.com/qed_audit/status/20616… and @kayabaNerve , my DM’s are open good sers 🙂 I think I can largely speak for TC nodes and users that security is valued, even if it has been mishandled in the past.

Hey all, the @THORChain & @RujiraNetwork weekly recap is up! #THORChain is close to resuming operations, #Rujira Credit Accounts are back online, 2 awesome podcasts with @sodabubblelab & @deving_zone. STO 🤝 @Maya_Protocol youtu.be/YCo-YlElj8U?si=DwOC…

Hey all, @THORChain & @RujiraNetwork weekly recap is up! The main topic was the recent exploit and the path forward! 💪 youtu.be/kczaiTQ9uyM?si=DhJp…

Incident Update #4 is live and the ADR-028 proposal is on the table Here’s everything you need to know about the @THORChain Recovery Plan 👇 → POL absorbs the loss first. Synth holders take what's left → No new RUNE minted. No holder diluted. No RUNE sold to cover anything → Attacker slashed in full. Recovered RUNE paired with vault assets, surplus burned. → Innocent nodes protected → White hat bounty on the table. Return the funds, the plan rolls back proportionally. → Protocol neutrality holds. Attacker's swaps won't be censored once trading resumes Node Operators vote now. Yes = green light to restart No mint. No bailout. No censorship. Full transparency Onwards⚡

THORChain Exploit Report #1 is now live. Full timeline of the May 15 incident, how the security layers responded, and what comes next via ADR-028. thorchain.org/blog/thorchain…

New fresh thorchain.org/ is LIVE!

TSS Exploit Update #3 → Attack understood, technical details not yet public → Not a known GG20 exploit → v3.18.1 tomorrow. Node operators instructed to upgrade immediately → Decisions over lost funds set by ADR-028 community governance vote TLDR; we're making progress 💚

THORChain incident update #3 The developers and THORSec teams have been hard at work throughout the weekend continuing the investigation to fully understand the events that took place, while also planning the road to recovery. It’s important to note that the investigation is still ongoing, and details may change in the coming days as we continue to gather information and adjust plans accordingly. At this time, the team has a strong understanding of what occurred and how the attack was executed, although they are not yet in a position to publicly discuss the technical details. What they can say is that the attack vector does not appear to be related to any currently known GG20 exploits, and at this stage are still assessing whether other GG20 implementations could also be at risk. The team will continue investigating this possibility and will coordinate with other affected teams as appropriate. We would like to thank the many cryptographers and security researchers who assisted throughout this process, including members of the team that originally developed GG20. The team currently expects to release version 3.18.1 tomorrow for node operators to adopt. We ask that all node operators upgrade to this release as soon as possible. There is also an open question regarding the best approach for handling the lost funds within the network. This will need to be discussed and ultimately decided by the community through governance. To facilitate this discussion, there’s a new channel in Discord called ⁠adr-028-tss-exploit-recovery . Before the network can return to a healthy state, nodes will need broad consensus on this ADR, after which the selected approach will be implemented as part of the 3.19 update. THORChads are encouraged to share well-structured and thoughtful proposals for the community to support or challenge. In the coming days, a vote will occur highlighting the most widely supported approaches for node operators to vote on. Regarding the future direction of the cryptographic systems used to secure the vaults, that discussion is still ongoing and requires additional research before any long-term decisions are made. For the immediate future, the team is currently leaning toward remaining on GG20 in order to restore network health and stability as quickly and safely as possible. Longer-term discussions around the future of THORChain’s cryptographic security model will continue once the network has stabilized. We are proud of how both the developer team and community have handled this situation. Everything will get running again as soon as possible, but the process will not be rushed. THORChain has a strong roadmap ahead, and devs are excited to return their focus to continuing to push the envelope of what this project can achieve. Onwards

Hey all, @THORChain & @RujiraNetwork weekly recap is up! The main topic was obviously the recent exploit, but we also had time for an app layer discussion and a podcast with @firoorg! Thank you all for the support! @Dashpay @XBToshi @banteg and others! youtu.be/f0iFwsRSv1I?si=TK5D…

THORChain incident update #2 We have become aware of multiple fake accounts and false information circulating regarding “refunds”, “airdrops”, compensation claims, and other alleged initiatives. To be absolutely clear: - Initial findings indicate that no user funds were lost in the incident - THORChain is currently conducting no refund, airdrop, or compensation program - Any account claiming otherwise is impersonating THORChain or spreading misinformation. Please rely only on official THORChain communication channels for updates. THORChain contributors are still actively investigating the recent incident alongside THORSec and external security partners. More information will be shared as the investigation progresses.

There's a good reason THORChain's being smeared online after the recent exploit: symbolism. The protocol has become the symbol of permissionless finance. When it dared to try to resist censorship, it painted a massive target on its back. Now, people who champion permissioned protocols are piling on, because permissionlessness is a threat to them. And yes, even architects of other permissionless protocols are joining in out of pure envy. THORChain is technology filled with innovation and genius, flaws and mistakes. But, like it or not, in this moment it represents much more than just itself. Stand with the THORChads, not because you like them, but because right now, they're at the front lines of the war for freedom. Asgard calls for aid.

THORChain incident update #1 THORChain contributors shared a new update in the dev discord regarding the ongoing incident. TLDR - Current evidence points toward a newly churned node linked to the attack, likely operated by a single malicious actor - The leading theory is an exploit in the GG20 TSS implementation, allowing vault key material to leak over time. The attacker may have reconstructed the vault private key and executed unauthorized outbound txs - Current network status: -- The network is paused after multiple node operators executed make pause -- RUNE transfers and chain observation may resume within ~12h unless decided otherwise by the nodes. -- Trading, LP actions, signing, and sensitive operations remain paused for now - Recovery discussions currently include slashing affected node bonds, using POL to absorb losses, or other community-driven solutions The investigation is still ongoing alongside THORSec and Outrider Analytics. ## Full Announcement ## Developers and THORSec have been investigating today’s incident continuously throughout the day. While new information may still emerge, I want to provide the community with an update based on what we currently know. The goal of this update is to clarify the current understanding of the situation as accurately and transparently as possible. A newly churned node, thor16ucjv3v695mq283me7esh0wdhajjalengcn84q, which entered the network several days ago, is currently believed to be associated with the attack. Developers have identified links between Ethereum addresses used to acquire and bond RUNE for this node, and Ethereum addresses that later received the stolen funds. Based on current evidence, it is believed this was conducted by a single malicious operator, though the investigation remains ongoing. At this time, the leading theory is the attacker exploited a vulnerability within the GG20 TSS implementation which allowed sensitive key material from vault participants to leak over time. By accumulating enough leaked information, the attacker was ultimately able to reconstruct the vault’s TSS private key and execute unauthorized outbound transactions. The Treasury is actively collecting forensic data and coordinating with Outrider Analytics and relevant law enforcement agencies in an effort to identify the attacker and pursue recovery of stolen funds where possible. Due to multiple node operators executing make pause, the network is currently paused. Unless further action is taken, the pause state will automatically expire in approximately 12 hours. At this time, the development team is comfortable allowing the pause to expire in order to restore RUNE transfers and chain observation activity. However, trading, signing, LP actions, and other sensitive operations will remain paused until the network and community align on a comprehensive recovery and remediation plan. The recovery process will likely require node governance decisions regarding how losses are ultimately handled. Several potential approaches are already being discussed, including: Slashing the bond of nodes participating in the affected vault Allowing Protocol-Owned Liquidity (POL) to absorb the loss Additional recovery proposals that may emerge from the broader community At this stage, no final decisions have been made. The team is continuing to work on a complete recovery and restart plan for the network. Bringing trading and full functionality back online will likely take several days, and potentially longer depending on the complexity of the chosen remediation path. We will continue to provide updates as more information becomes available. Finally, I want to thank the developers, node operators, security contributors, and the broader THORChain community for the enormous amount of work done today. One of THORChain’s greatest strengths has always been the community’s ability to come together under pressure, collaborate quickly, and solve difficult problems together.

We will be doing a Livestream with @CBarraford around 3:15p - 3:30p ET to go over the recent exploit. To ask questions please watch the stream on YouTube and type in your questions there. Comments on the Twitter livestream do not show up on our end. youtube.com/@THORChainCommun…

Important Announcement Trading on THORChain is currently halted after a vault was compromised. Initial indications are user funds are safe and only protocol owned funds are affected. The network automatically detected abnormal behavior and halted signing activity, which alerted the broader community and prevented further outbound transactions. The investigation is still ongoing to determine the root cause. Contributors are actively working on the issue and we will report updates as we progress toward a solution. What we currently know: * One of the six Asgard vaults appears to have been compromised. * Current estimates place the loss at approximately $10.7m USD * The network automatically detected the abnormal behavior and halted signing activity, preventing further outbound activity. * Nodes securing the vault were subject to their bonded RUNE being slashed as a result of the unauthorized outbound transactions. * Churn activity has been paused while the investigation and remediation efforts are ongoing. * Onboarding additional chains and operations requiring churns will be delayed until the network is stabilized. * Initial indications show no individual user swaps were affected. We are asking all node operators to immediately review their infrastructure, hosts, key management systems, and operational security for any signs of compromise or abnormal behavior, and to report anything suspicious in Discord. Node operators participating in the affected vault are requested to securely provide Bifrost logs to the dev team for analysis using 'make relay' .

Did you miss live demo swapping $XMR? Soon @THORChain will have @monero available 👀 Thanks @jpthor @BooneW and @CBarraford 🙏 👇 youtu.be/65U3rjVXfx0

Join THORChain Live now! youtube.com/live/kXM-GGeqLbk x.com/i/broadcasts/1DGleEPzZ… linkedin.com/video/live/urn:… And request to speak: riverside.com/studio/thorcha… If you don’t want to speak, you can leave a comment in the live chat and the hosts will see it. (YouTube is the most reliable one)

This will be huge🔥

Successful @monero churn has happened! I repeat: Monero swaps are working on the chain net! 🔥 LFG @BooneW

Hey all, @THORChain & @RujiraNetwork weekly recap is up! @Monero merged to chainnet, v3.18 live soon, bRUNE caps raised, @StationWallet acquired, podcast with @TheDesertLynx from @Dashpay youtu.be/OBYRzNqCncg?si=lrd3…