THORChain announced that it has resumed full operations as of today, June 23. The restart came after an 11-stage, 39-day security overhaul project that started after $10.7 million was stolen from the protocol in a May 1 hack.  

As of this report, THORChain swaps, liquidity provider actions, and cross-chain signing infrastructure have formally reopened. 

THORChain first went dark as part of the emergency response to a May 15 security incident, where an exploiter infiltrated the protocol by posing as a node operator two days before they exploited a flaw in THORChain’s GG20 threshold signature scheme.

THORChain returns after major overhaul

THORChain’s DeFi metrics thinned out during the downtime period. The DEX’s total value locked (TVL) is currently around $53 million, down from over $80 million on May 15, the day the hack was reported. At its March 2024 peak, the protocol held over $500 million. 

News of the protocol restart did not immediately translate to any real action for the RUNE token,which is trading near $0.42 per CoinMarketCap data, with a market capitalization just above $141 million. The token dropped more than 21% in the days after the May 15 breach and has yet to recover.

Post-recovery, THORChain will now refocus on items that it already committed to on its privacy roadmap. 

One of them is Native Monero swaps, which the team says are fully functional in testing and close to a mainnet launch. 

The Zcash support timeline is less straightforward as it is contingent on THORChain’s confidence in Zcash’s recovery after a critical vulnerability was discovered in its Orchard shielded pool in late May, as Cryptopolitan previously reported.

Why did THORChain shut down for 39 days? 

THORChain went into emergency shutdown after suffering losses that THORChain’s incident report estimated at $10.7 million. 

THORChain’s recovery did not follow the typical route of issuing a patch to fix the vulnerability that was exploited. Instead, developers came up with version 3.19.0 update after a multi-week process, introducing new multi-party computation security patches and a KeyVerify protocol that checks the integrity of every node’s cryptographic keyshare before vault churning can proceed.

Other non-technical matters had to be decided in the meantime too. On May 22, node operators voted on the ADR-028 governance proposal to decide how the protocol would absorb the $10.7 million loss. 

The proposed resolution was that protocol liquidity would cover the gap first. Synthetic asset holders will make up the difference by bearing the uncovered losses. 

The churn itself began on June 21, retiring old vaults and standing up fresh ones, according to THORChain’s eighth incident update. 

THORChain’s unwanted reputation with crypto hacks

With the latest episode, THORChain has lost close to $25 million to thefts since 2021. In a September 2025 Cryptopolitan report, THORChain’s co-founder’s personal wallet was suspected to have been hacked for $1.2 million in a DPRK-linked operation.

There are also the billions in hack dollars that flow through the THORChain mixer, locking the protocol’s status as a regular feature in the biggest crypto incidents. The Bybit hackers, who stole $1.5 billion in 2025, used the protocol’s cross-chain swap mechanics. THORChain also entered the mix when KelpDAO lost $300 million earlier in the year. However, THORChain has resisted the pressure to block such transactions, referring to how its censorship-resistance stance does not shift on a case-by-case basis.

If you’re reading this, you’re already ahead. Stay there with our newsletter.