THORChain: RUNE transfers are expected to resume in 12 hours; the attack may be due to the GG20 TSS vulnerability.

CoinFeed reported on May 16th that THORChain released an update on the hacking incident on its X platform. Preliminary evidence suggests that a recently joined node was compromised by a malicious operator who exploited a GG20 TSS vulnerability to obtain vault participant key information, ultimately reconstructing the vault's private key and executing unauthorized withdrawal transactions. Currently, multiple THORChain nodes are offline, resulting in a network shutdown. RUNE transfers are expected to resume in approximately 12 hours, but the exact situation depends on node decisions. Trading, liquidity provider operations, and signature functions will remain unavailable, and full network restoration is expected to take several days. Recovery plans are under discussion and may include reducing the staked assets of affected nodes and other remedial measures proposed by the community.