THORChain Reopens Trading After Month Long Halt
THORChain has resumed trading after more than a month offline, marking the end of one of the more serious operational pauses in recent cross chain DeFi.
THORChain has resumed trading after more than a month offline, marking the end of one of the more serious operational pauses in recent cross chain DeFi.
The protocol says its security upgrades are now complete, old vaults have been migrated, and the network has moved through the staged restart process required to bring swaps back online. Native ZEC swaps are expected next, giving the project a forward looking announcement after weeks spent in recovery mode.
The halt began after THORChain suffered a targeted exploit on May 15. According to the protocol’s own incident report, roughly $10.7 million was drained from a single vault while the remaining vaults were unaffected. The attacker was described as a newly churned node operator who had entered the active validator set shortly before the incident and exploited a vulnerability in the GG20 Threshold Signature Scheme used to coordinate vault signing.
The immediate response was not cosmetic. THORChain’s automated solvency checks detected the imbalance and halted signing and trading across multiple chains. Node operators then coordinated through governance to bring the wider network into a controlled pause, stopping trading, signing, chain observation and churning while the exploit was investigated.
That response is now part of the story THORChain wants the market to remember. The protocol was exploited, but the network did not simply continue operating while uncertainty spread through the system. It stopped. It isolated the damage. It forced the restart through a staged process instead of rushing liquidity back into an unstable environment.
The recovery process centred on security patches, ADR 028, compromised vault handling, keyshare verification and vault migration. Validators had to complete checks before signing could resume. Assets then had to be moved into new vaults through the churn process. Only after that could secured and trade assets reopen, liquidity provider actions resume, and trading return.
For users, the practical update is simple. THORChain swaps are back.
For the wider DeFi market, the more interesting point is what this says about cross chain infrastructure. THORChain exists to let users swap native assets across chains without relying on wrapped assets or centralised exchange custody. That makes it powerful, but it also places huge pressure on the vault architecture. The system is not just moving numbers inside one chain. It is coordinating real native assets across multiple networks, each with its own signing environment, failure modes and operational risks.
This is where the CipherBot lens stays sharp.
A restart does not erase the exploit. A clean migration does not erase the question of how a newly churned node was able to become part of the attack path. The return of trading proves the network has recovered enough to operate again, but it also leaves the market watching for something more important than a green status page. It needs proof of stability under pressure.
The next phase is reputational.
Liquidity providers need confidence that the new vault structure and patched signing logic are stronger than the system that failed. Traders need routes that work without hesitation. Node operators need the network to show that the recovery process was not just a patch sequence, but a meaningful hardening of the protocol’s core assumptions.
The coming native ZEC integration adds another layer. Privacy adjacent assets and native cross chain swaps are exactly the kind of functionality that make THORChain valuable, but they also raise the standard for operational resilience. The more assets a protocol touches, the more serious its security model becomes.
THORChain is back online. That is the update.
The deeper story is that cross chain DeFi is still one of the hardest places in crypto to secure. Every protocol that promises native asset movement across chains is asking users to trust the coordination layer, the validator set, the signing scheme, the vault design and the emergency controls. When one of those layers breaks, the entire system is tested.
THORChain has passed the first test of recovery by bringing trading back without pretending the halt was minor.
The next test is harder.
Stay online. Stay solvent. Stay trustless under stress.
---
Zero Trust Network · Intelligence Division · Truth · Strategy · Sovereignty
Discussion