According to the THORChain blog, ZEC is in the queue for launch on THORChain. However, due to a recent vulnerability disclosed in Zcash—whose existing patch impacts integrators’ normal operations—THORChain must first complete a minor code modification to its Bifrost module before proceeding. The development team stated that the change is minimal but must be completed prior to ZEC’s launch. Monero (XMR) is currently expected to launch by the end of this month, with ZEC scheduled to follow.
THORChain has released its fourth update regarding the Asgard vault intrusion incident, publishing the ADR028 proposal and opening voting for node operators. The proposal indicates that the protocol will first absorb losses through its Protocol-Owned Liquidity (POL), with the remaining portion to be borne by synthetic asset holders. The exact proportion is still under evaluation. The POL will be reduced to zero as a result, and the proposal suggests allocating a portion of system revenue over time to gradually replenish it. This plan does not involve minting new RUNE, selling RUNE, or diluting holder equity. On the technical side, the GG20 version will be temporarily retained with a patch upgrade. Trading will resume after the vulnerability is fixed and a successful node rotation is completed. A slower, more security-focused release cadence is planned for the future. Regarding the slashing mechanism, unrelated nodes sharing the same vault as the attacker will be protected, while the attacker's node will be fully slashed. The recovered RUNE will be paired with recoverable assets from the affected vault, and any excess RUNE will be burned. Additionally, THORChain has offered a white-hat bounty to the attacker to recover funds. If a portion of the funds is recovered, the recovery plan will be adjusted proportionally. THORChain emphasizes its commitment to remaining neutral and permissionless, stating it will not censor the attacker's swap transactions after trading resumes. Currently, node operators are voting on the overall direction and principles of the proposal. The specific figures in the ADR are indicative and will be adjusted later via the Mimir mechanism. The goal is to restart the network as soon as possible. A "yes" vote means developers can proceed further along this path.
According to Odaily, THORChain posted on platform X that its developers have released an incident update on Discord. Current evidence points to a node thor16uc...cn84q, which recently joined the network, as being associated with the attack. This node is operated by a single malicious actor. The primary hypothesis is that the attacker exploited a vulnerability in the GG20 TSS implementation, causing sensitive key material of vault participants to leak over time. This ultimately enabled the reconstruction of the vault's private key and the execution of unauthorized outgoing transactions. Regarding network status, the network has been paused after multiple node operators executed `make pause`. RUNE transfers and on-chain observation may resume within approximately 12 hours, but transactions, LP operations, signing, and other sensitive operations remain paused. Discussed recovery plans include slashing the affected node's bond, covering losses with protocol-owned liquidity (POL), or other community-driven solutions. THORSec and Outrider Analytics are continuing their investigation. The Treasury is gathering forensic data and coordinating with relevant law enforcement agencies. Full functional recovery is expected to take several days or longer.
According to Odaily, THORChain has issued an emergency announcement stating that after discovering a suspected breach of an Asgard vault, the network has suspended trading operations to respond to the security incident. Preliminary information indicates that user funds remain unaffected, with losses primarily concentrated on the protocol's own capital. The official statement noted that the system automatically detected anomalous behavior and halted signing operations, thereby alerting the community and preventing further asset outflow. The investigation is currently ongoing to determine the root cause of the vulnerability and the full scope of the impact. Known information indicates that this incident involves one of the six Asgard vaults, with estimated losses of approximately $10.7 million. Meanwhile, staked RUNE on the affected nodes has been slashed due to a penalty mechanism triggered by unauthorized outgoing transactions. The network has paused churn operations and delayed the launch of new chains and related features until system stability is restored. THORChain stated that no user cross-chain transactions have been affected so far and has asked node operators to thoroughly review their infrastructure, key management security, and any anomalous behavior, and to submit relevant logs to assist the investigation.
According to The Block, blockchain intelligence firm TRM Labs released a report stating that North Korean hacker groups stole approximately $577 million in crypto assets during the first four months of 2026—accounting for 76% of global hacking losses over the same period. All these losses stemmed from two major incidents that occurred in April: KelpDAO was attacked by the TraderTraitor group, resulting in $292 million in losses; and Drift Protocol was compromised by another North Korean sub-group, suffering $285 million in losses. Preparations for the latter attack began as early as March 11, and funds were fully extracted within 12 minutes. The two incidents employed distinct money-laundering pathways: stolen funds from Drift remain largely dormant on Ethereum, whereas funds stolen from KelpDAO were rapidly swapped into BTC via THORChain, with subsequent laundering facilitated by Chinese intermediaries. TRM Labs noted that since 2017, North Korea’s cumulative crypto theft has exceeded $6 billion—and its share of global losses has risen steadily, from less than 10% in 2020 to 64% in 2025.