Ledger CTO Flags MPC Risk After THORChain's $10.8M Vault Hit

THORChain (RUNE) halted trading and signing on Friday after attackers drained roughly $10.8 million from one of its Asgard vaults, with Ledger's CTO flagging possible MPC weaknesses.

Asgard Vault Drained Across Four Chains

The cross-chain liquidity protocol paused trading and signing operations after on-chain investigator ZachXBT flagged suspicious outflows targeting vaults on Bitcoin (BTC), Ethereum (ETH), BNB Chain, and Base.

In a statement, THORChain said the network automatically detected abnormal activity and suspended signing to block further outbound transfers.

One of six Asgard vaults appeared compromised, churn was paused, and node operators were asked to review key management and operational security.

The protocol's Mimir governance module flipped trading and signing halts to active, with the pause running for roughly 12 hours from block 26190429.

Wallets tied to the attacker hold about 3,443 ETH, 36.85 BTC, and 96.6 BNB, alongside USDT, USDC, WBTC, AAVE, and LINK. RUNE fell about 12% on the news, dropping toward $0.50. THORChain said initial indications suggest user funds were not directly affected.

Ledger CTO Flags MPC Risk

Charles Guillemet, chief technology officer at hardware wallet maker Ledger, suggested the incident could involve weaknesses in threshold signature scheme infrastructure.

Citing remarks from THORChain contributor JP Thor, Guillemet said the breach could be an MPC exploit involving GG20, a threshold signature protocol used in some multi-party computation wallet systems.

He noted that earlier GG18 and GG20 protocols have faced critical vulnerabilities, including CVE-2023-33241 and TSSHOCK.

Guillemet warned that advances in AI-assisted vulnerability discovery may be lowering the bar for compromising validator infrastructure once thought hard to attack.

A theoretical attack path, he said, could involve compromising a validator, waiting for it to join an active vault, exploiting malformed proofs during signing, and reconstructing vault keys offline. He cautioned that the root cause remains unclear, and investigators have not confirmed whether a known GG20 flaw or a new weakness was involved.

THORChain's Recent Security Record

THORChain's vaults rely on a threshold signature scheme (TSS), a cryptographic system that lets multiple nodes jointly produce signatures without rebuilding the full private key in one place. The architecture has long been viewed as a strength of cross-chain DeFi, yet it has now drawn fresh scrutiny.

The protocol has weathered several high-profile incidents over the past year. In Feb. 2025, attackers behind the $1.4 billion Bybit hack routed close to $1.2 billion through THORChain to convert assets into Bitcoin.

The KelpDAO exploiter also used the THORChain protocol to move about $80 million in Ether, while THORChain co-founder JP Thorbjornsen lost $1.35 million in a deepfake Zoom scam in Sept. 2025.
