Following the May 15 vault exploit that drained approximately $10.7 million from one of THORChain’s five vaults, the protocol has initiated its next recovery phase. Validators are now reviewing version 3.19.0, which combines critical security patches with the previously approved ADR-028 loss-recovery plan.
Compromised Vault Quarantine and Keyshare Checks
Version 3.19.0 introduces a Compromised Vault Mimir setting to isolate affected vaults while maintaining network visibility. Validators will also perform temporary keyshare validation to ensure all remaining keys are intact before resuming signing.
Staged Restart of Network Services
After these initial checks, THORChain will unhalt signing and initiate a churn, replacing the active validator set and transferring assets into newly generated vaults. Secured and trade assets will return first, followed by liquidity-provider operations, with trading resuming at the final stage of the 11-step sequence.
ADR-028 Ensures Loss Recovery Without Minting New RUNE
The ADR-028 governance plan absorbs losses using protocol-owned liquidity without creating new RUNE or diluting existing token holders. Future system income will help rebuild liquidity after the restart. Additionally, the protocol activated a bounty window for the attacker and slashed the linked node, while innocent nodes remain protected.
Validator Approval Is Critical
Completion of the THORChain restart plan depends on validator approval of v3.19.0. Once approved, the network will proceed through staged service restoration, vault recovery, keyshare checks, and churn validation to ensure a secure and orderly return to full operations.