THORChain, a decentralized cryptocurrency exchange protocol that serves as a meta layer across various blockchains, suspended trading activities on Friday following a suspected security exploit that led to the theft of approximately $10 million in crypto assets. Designed for cross-chain swaps of native tokens without requiring them to be wrapped, THORChain posits that its method offers a more secure trading mechanism between different blockchain networks. However, multiple blockchains were affected during this incident.
The alarm was raised by security researchers who detected suspicious activity that seemed to stem from a compromise of one of THORChain’s Asgard vaults. The vulnerability was connected to the protocol’s threshold signature scheme, which is used for managing liquidity across chains. This flaw enabled unauthorized outbound transactions from the vault, resulting in significant losses initially estimated at $10.7 million, with subsequent reviews pushing the figure closer to $11 million spanning at least nine different networks. Notable assets stolen included around 36.75 Bitcoin, along with tokens from Ethereum, BNB Chain, Base, Avalanche, Dogecoin, Litecoin, Bitcoin Cash, and the XRP Ledger.
In response, THORChain’s automated systems detected the irregular behavior, triggering emergency protocols that included halting trading and signing activities globally to mitigate further losses. The team maintained that end-user funds were not impacted by this incident.
Charles Guillemet, Chief Technology Officer of Ledger, a cryptocurrency hardware wallet manufacturer, commented on the shifting threat landscape in a preliminary assessment. He noted how advancements in artificial intelligence are altering the dynamics of vulnerability discovery, making it easier for malicious actors to compromise sophisticated systems like those employed by THORChain.
Adding to the conversation, Adam Back, CEO of Blockstream, criticized the complexity and fragility of interactive multi-party cryptography, arguing that it is inherently prone to vulnerabilities and hard to secure. Despite being portrayed as an “unstoppable” exchange protocol, the validators within the THORChain network chose to suspend trading as the investigation continued, and trading remained paused as of Sunday.
The incident occurred against a backdrop of increasing scrutiny on the security of blockchain networks and decentralized finance (DeFi) protocols. In the past year, various networks have exhibited traits akin to traditional finance firms, resorting to emergency measures during crises, such as halting operations following hacks or technical issues.
For example, last year saw the suspension of multiple blockchains in response to a $120 million exploit affecting Balancer. Similarly, the Arbitrum layer-two Ethereum network faced backlash for seizing $71 million in hacked funds, leveraging its emergency powers rather than resorting to community-based governance processes.
The trend extends beyond protocol vulnerabilities. The centralization of stablecoins has also come under fire, highlighted by Tether’s recent seizure of $344 million worth of USDT associated with sanctions evasion linked to the Iranian regime. This move underscores an effort by stablecoin issuers to control their ecosystems more tightly, with companies like Circle pursuing development of proprietary blockchains.
In April, the frequency of exploits across the crypto landscape reached alarming levels, with almost one incident reported daily. Much of the stolen capital has been attributed to agents associated with North Korea, a claim the regime has publicly denied.
These ongoing security and centralization challenges have raised questions about the long-term viability of non-Bitcoin cryptocurrencies, as underscored by a recent report from JPMorgan. Analysts noted that both ether and altcoins have lagged behind Bitcoin in performance throughout 2023, even as the broader market has seen recoveries.
