THORChain Resumes Trading After $10.7M Exploit as RUNE Holds Near $0.42

TLDR

• THORChain resumed trading after more than five weeks offline.
• The network halted after a $10.7M exploit hit one Asgard vault.
• THORChain said every vault was verified and every keyshare checked.
• RUNE traded near $0.416 as 24-hour volume rose 192%.
• Native Monero swaps are already working end to end in testing.

THORChain has resumed trading after more than five weeks offline, following a May 15 exploit that drained about $10.7 million from one of its Asgard vaults across several supported blockchains.

The decentralized cross-chain liquidity protocol said trading, signing, churning, swaps, secured assets, trade assets and liquidity provider actions are now live again. THORChain described the restart as a security-focused process that required vault verification, keyshare checks and coordinated upgrades before services could return.

RUNE, the protocol’s native token, traded slightly lower over the past 24 hours, falling 0.92% to $0.4163 while remaining close to the $0.42 area. Its market capitalization stood at about $140.6 million, while 24-hour trading volume rose 192.31% to $9.87 million.

THORChain Restarts Swaps After Five-Week Halt

THORChain said in a June 23 post that trading is live again after more than a month offline. The protocol said every vault had been verified and every keyshare checked before the restart, with security and stability treated as the main priorities.

The shutdown began after an attacker drained one of THORChain’s six Asgard vaults. The protocol enables native asset swaps across blockchains such as Bitcoin, Ethereum, BNB Chain and Base without requiring wrapped tokens or centralized intermediaries.

According to THORChain’s recovery updates, most vaults were verified through KeyVerify, while older vaults were retired through migration to a new vault set. The network also required validator approval for recovery upgrades before normal operations could resume.

The protocol deployed security patches during the downtime, including versions tied to compromised-vault quarantine, keyshare checks and recovery logic. THORChain said these steps were completed before reopening trading and liquidity functions.

GG20 Signature Flaw Drove Exploit

The May exploit was linked to THORChain’s GG20 threshold signature scheme, a cryptographic system that divides signing authority among node operators so that no single participant can move funds alone.

THORChain said a newly churned malicious node operator leaked key material during signing processes and reconstructed a full private key for one Asgard vault. That allowed unauthorized transactions before automated monitoring halted network activity.

The protocol’s solvency systems reportedly detected the imbalance within minutes. Once vault balances moved beyond expected thresholds, trading, signing and other network functions were paused to prevent further losses.

The incident has renewed discussion over whether THORChain should replace GG20 with a different signing framework. Some community members have argued that a deeper cryptographic migration may reduce the chance of similar attacks, while the protocol has focused first on patching the known weakness and restoring operations.

RUNE Price Consolidates as XMR and ZEC Swaps Near

RUNE’s price action remained limited after the restart. The token moved down from around $0.4222 earlier in the session toward the $0.39 to $0.40 area before rebounding near $0.421, where it continued consolidating.

The rise in trading volume during a modest price decline shows increased activity around the current range. Traders are watching whether the RUNE price can hold above the $0.40 area and regain momentum after the protocol’s month-long pause.

THORChain said native Monero swaps are already working end-to-end in testing, with a live launch expected later. The protocol also said Zcash support will follow, along with dynamic fees and deeper liquidity upgrades.

The restart gives THORChain a chance to rebuild activity after its third major security incident. The next stage will depend on whether swaps remain stable, liquidity returns, and planned integrations such as XMR and ZEC move from testing to live use without new operational issues.