Ledger CTO Flags MPC Risk After THORChain's $10.8M Vault Hit

Markets 2026-05-16 03:18

Ledger CTO Flags MPC Risk After THORChain's .8M Vault Hit

THORChain (RUNE) halted trading and signing on Friday after attackers drained roughly $10.8 million from one of its Asgard vaults, with Ledger's CTO flagging possible MPC weaknesses.

Asgard Vault Drained Across Four Chains

The cross-chain liquidity protocol paused trading and signing operations after on-chain investigator ZachXBT flagged suspicious outflows targeting vaults on Bitcoin (BTC), Ethereum (ETH), BNB Chain, and Base.

In a statement, THORChain said the network automatically detected abnormal activity and suspended signing to block further outbound transfers.

One of six Asgard vaults appeared compromised, churn was paused, and node operators were asked to review key management and operational security.

The protocol's Mimir governance module flipped trading and signing halts to active, with the pause running for roughly 12 hours from block 26190429.

Wallets tied to the attacker hold about 3,443 ETH, 36.85 BTC, and 96.6 BNB, alongside USDT, USDC, WBTC, AAVE, and LINK. RUNE fell about 12% on the news, dropping toward $0.50. THORChain said initial indications suggest user funds were not directly affected.

Also Read: Gemini Space Station Hit By Multiple Securities Fraud Claims After IPO

Ledger CTO Flags MPC Risk

Charles Guillemet, chief technology officer at hardware wallet maker Ledger, suggested the incident could involve weaknesses in threshold signature scheme infrastructure.

Citing remarks from THORChain contributor JP Thor, Guillemet said the breach could be an MPC exploit involving GG20, a threshold signature protocol used in some multi-party computation wallet systems.

He noted that earlier GG18 and GG20 protocols have faced critical vulnerabilities, including CVE-2023-33241 and TSSHOCK.

Guillemet warned that advances in AI-assisted vulnerability discovery may be lowering the bar for compromising validator infrastructure once thought hard to attack.

A theoretical attack path, he said, could involve compromising a validator, waiting for it to join an active vault, exploiting malformed proofs during signing, and reconstructing vault keys offline. He cautioned that the root cause remains unclear, and investigators have not confirmed whether a known GG20 flaw or a new weakness was involved.

THORChain's Recent Security Record

THORChain's vaults rely on TSS, a cryptographic system that lets multiple nodes jointly produce signatures without rebuilding the full private key in one place. The architecture has long been viewed as a strength of cross-chain DeFi, yet it has now drawn fresh scrutiny.

The protocol has weathered several high-profile incidents over the past year. In Feb. 2025, attackers behind the $1.4 billion Bybit hack routed close to $1.2 billion through THORChain to convert assets into Bitcoin.

The KelpDAO exploiter also used the THORChain protocol to move about $80 million in Ether, while THORChain co-founder JP Thorbjornsen lost $1.35 million in a deepfake Zoom scam in Sept. 2025.

Read Next: Southeast Asia Blockchain Week Brings Ripple, Avalanche, Solana Foundation, And K-Pop To Bangkok

Share to:

This content is for informational purposes only and does not constitute investment advice.

THORChain News thorchain Security Blockchain
Recommended Reading
2026-05-16 03:18
Ledger CTO Flags MPC Risk After THORChain's $10.8M Vault Hit
2026-05-16 01:28
Solana Already Bounced Off $98, Now Bulls Want To Crack It For Real
2026-05-16 00:01
Claude Mythos Solves 32-Step AISI Hack In 6 Of 10 Attempts
2026-05-15 23:07
XRP Whale Wallets Hit Record 332,230 In 2026's Quiet Accumulation Wave
2026-05-15 22:22
Bitget Launches AI Hub As 1M Users Drive $1.2B In Trades
2026-05-15 20:54
THORChain Drained For $10.8M In Multi-Chain Hack, RUNE Sinks 12%

Popular Articles

Curated Series

SuperEx Popular Science Articles Column

SuperEx Popular Science Articles Column

This collection features informative articles about SuperEx, aiming to simplify complex cryptocurrency concepts for a wider audience. It covers the basics of trading, blockchain technology, and the features of the SuperEx platform. Through easy-to-understand content, it helps users navigate the world of digital assets with confidence and clarity.
Unstaked related news and market dynamics research

Unstaked related news and market dynamics research

Unstaked (UNSD) is a blockchain platform integrating AI agents for automated community engagement and social media interactions. Its native token supports governance, staking, and ecosystem features. This special feature explores Unstaked’s market updates, token dynamics, and platform development.
XRP News and Research

XRP News and Research

This series focuses on XRP, covering the latest news, market dynamics, and in-depth research. Featured analysis includes price trends, regulatory developments, and ecosystem growth, providing a clear overview of XRP's position and potential in the cryptocurrency market.
How do beginners trade options?How does option trading work?

How do beginners trade options?How does option trading work?

This special feature introduces the fundamentals of options trading for beginners, explaining how options work, their main types, and the mechanics behind trading them. It also explores key strategies, potential risks, and practical tips, helping readers build a clear foundation to approach the options market with confidence.

What are the risks of investing in cryptocurrency?

What are the risks of investing in cryptocurrency?

This special feature covers the risks of investing in cryptocurrency, explaining common challenges such as market volatility, security vulnerabilities, regulatory uncertainties, and potential scams. It also provides analysis of risk management strategies and mitigation techniques, helping readers gain a clear understanding of how to navigate the crypto market safely.