Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 275 · Private Key Compromise

THORChain Asgard Vault GG20 TSS Exploit

~$10.8M drained from THORChain Asgard vaults across nine chains via a suspected GG20 threshold-signature flaw exploited by a malicious node operator.

Date
Victim
THORChain
Status
Funds Stolen

On May 15, 2026, the cross-chain liquidity protocol THORChain paused all trading and node-signing operations after an attacker drained approximately $10.8 million from its Asgard vaults across at least nine supported chains, including Bitcoin, Ethereum, BNB Chain and Base. The leading post-incident hypothesis, surfaced by THORChain contributors and corroborated by independent forensics, points to a vulnerability in the GG20 threshold-signature scheme that the network uses for vault co-signing — exploited by a malicious node operator with access to the signing protocol. Wallets attributable to the attacker held roughly 3,443 ETH, 36.85 BTC and 96.6 BNB. RUNE fell ~12% on the news. Trading and signing remained paused for approximately 13 hours.

What happened

THORChain's architecture is structurally unusual among cross-chain protocols. Rather than wrapping assets via a single bridge contract, it operates Asgard vaults on every supported chain — collectively controlled by the active node set via a threshold-signature scheme (TSS). Spending from an Asgard vault requires a quorum of node signers to participate in a distributed signing ceremony.

The TSS implementation used by THORChain is based on GG20 (Gennaro–Goldfeder 2020) — a well-known practical threshold-ECDSA construction. Multiple academic and industry disclosures since 2021 have identified subtle exploitable flaws in real-world GG20 implementations, particularly in the consistency checks around proof-of-knowledge messages and in error-handling on signing failures. A malicious participant who controls a node and deviates from the protocol can — under certain implementations — extract information about other parties' key shares across many signing sessions, eventually reconstructing enough material to sign arbitrarily.
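A defensive check a node set can run against this class of flaw, as an added example that is not THORChain's code or part of the original dossier: it correlates failed signing ceremonies with who was present and flags a node whose presence predicts failure. It assumes protocol deviation shows up as aborted or proof-failing sessions; the log schema, node names and thresholds are hypothetical.

```python
# Constructed sample: (session_id, participants, outcome). Hypothetical schema,
# not the log format of any real TSS library.
SESSIONS = [
    (1, {"node-a", "node-b", "node-c"}, "ok"),
    (2, {"node-a", "node-b", "node-e"}, "abort"),
    (3, {"node-b", "node-c", "node-d"}, "ok"),
    (4, {"node-a", "node-d", "node-e"}, "proof_fail"),
    (5, {"node-a", "node-c", "node-d"}, "ok"),
    (6, {"node-c", "node-d", "node-e"}, "abort"),
    (7, {"node-a", "node-b", "node-d"}, "ok"),
    (8, {"node-b", "node-c", "node-e"}, "ok"),
    (9, {"node-b", "node-d", "node-e"}, "abort"),
    (10, {"node-a", "node-b", "node-c"}, "abort"),  # benign noise (e.g. timeout)
]


def presence_stats(sessions):
    """Per node: (failed_with, total_with, failed_without, total_without)."""
    nodes = set().union(*(parts for _, parts, _ in sessions))
    stats = {}
    for node in nodes:
        fw = tw = fo = to = 0
        for _, parts, outcome in sessions:
            bad = int(outcome != "ok")
            if node in parts:
                tw += 1
                fw += bad
            else:
                to += 1
                fo += bad
        stats[node] = (fw, tw, fo, to)
    return stats


def suspects(sessions, min_sessions=4, ratio=3.0, floor=0.05):
    """Nodes whose failure rate when present exceeds `ratio` times the
    failure rate of the sessions they sat out (floored to avoid 0 baselines)."""
    flagged = []
    for node, (fw, tw, fo, to) in presence_stats(sessions).items():
        if tw < min_sessions:
            continue  # too little data to judge this node
        rate_with = fw / tw
        rate_without = fo / to if to else 0.0
        if rate_with > ratio * max(rate_without, floor):
            flagged.append(node)
    return sorted(flagged)
```

A flag here is a reason to exclude the node from further ceremonies and rotate vault keys, not proof of malice; the point is that repeated failures are treated as a security signal rather than retried silently.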

The May 15 attack chain, as reconstructed by the THORChain contributor community and independent researchers:

  1. A node operator — either a long-running participant or one specifically positioned for the attack — participated in Asgard signing ceremonies while deviating from the GG20 protocol in a way that leaked key-share information.
  2. After enough ceremonies, the operator assembled sufficient material to forge unilateral signatures over Asgard transactions, bypassing the TSS quorum requirement.
  3. On May 15, the attacker drained vaults simultaneously across at least nine chains — Bitcoin, Ethereum, BNB Chain, Base, and others — using the forged signatures to authorise transfers to attacker-controlled addresses.
  4. THORChain detected the unauthorised outflows and paused trading and signing across the network within roughly an hour of the first malicious transfer.

Total extracted: approximately $10.8 million in mixed assets, consolidated at attacker wallets that began moving funds toward laundering infrastructure within hours.
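Because a forged threshold signature verifies on-chain exactly like a legitimate one, unauthorised outflows can only be caught by reconciling vault spends against what the protocol actually scheduled. The sketch below is an added example (not THORChain's code, and not from the original dossier) with constructed data; the record schema, addresses and references are hypothetical.

```python
from collections import Counter

# Constructed sample data. Outbounds the node set agreed to sign (base units).
APPROVED = [
    {"chain": "BTC", "to": "user-addr-1", "asset": "BTC", "amount": 50_000_000, "ref": "req-001"},
    {"chain": "ETH", "to": "user-addr-2", "asset": "ETH", "amount": 2 * 10**18, "ref": "req-002"},
    {"chain": "BSC", "to": "user-addr-3", "asset": "BNB", "amount": 5 * 10**18, "ref": "req-003"},
]
# Spends from vault addresses, as reported by independent per-chain watchers.
OBSERVED = [
    {"txid": "tx-a", "chain": "BTC", "to": "user-addr-1", "asset": "BTC", "amount": 50_000_000, "ref": "req-001"},
    {"txid": "tx-b", "chain": "ETH", "to": "user-addr-2", "asset": "ETH", "amount": 2 * 10**18, "ref": "req-002"},
    {"txid": "tx-c", "chain": "ETH", "to": "unknown-addr-9", "asset": "ETH", "amount": 900 * 10**18, "ref": ""},
    {"txid": "tx-d", "chain": "BTC", "to": "unknown-addr-9", "asset": "BTC", "amount": 1_200_000_000, "ref": ""},
    # The same approved outbound broadcast a second time is also unauthorised.
    {"txid": "tx-e", "chain": "BTC", "to": "user-addr-1", "asset": "BTC", "amount": 50_000_000, "ref": "req-001"},
]


def _key(rec):
    """Fields that must match exactly between an approval and a spend."""
    return (rec["chain"], rec["to"], rec["asset"], rec["amount"], rec["ref"])


def reconcile(approved, observed):
    """Return vault spends that no scheduled outbound accounts for."""
    budget = Counter(_key(a) for a in approved)
    unmatched = []
    for tx in observed:
        k = _key(tx)
        if budget[k] > 0:
            budget[k] -= 1  # each approval authorises exactly one spend
        else:
            unmatched.append(tx)
    return unmatched


def halt_decision(unmatched):
    """Any unmatched vault spend means the signing layer cannot be trusted:
    halt signing on every chain, not only the chains already hit."""
    chains = sorted({tx["chain"] for tx in unmatched})
    return {"halt": bool(unmatched), "chains_hit": chains,
            "txids": [tx["txid"] for tx in unmatched]}
```

An approved outbound that has not yet appeared on-chain (the BSC entry above) is simply pending and raises no alert.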

Aftermath

  • Trading and node signing paused for ~13 hours while the contributor team triaged the signing-layer compromise.
  • No formal post-mortem had been released in the immediate aftermath; the GG20-flaw hypothesis was the leading public theory but had not been confirmed by THORChain in writing as of the first week post-incident.
  • RUNE fell approximately 12% on the news, with secondary impact on RUNE-collateralised positions elsewhere in DeFi.
  • No public recovery from the attacker's wallets; standard laundering patterns followed.
  • The incident contributed to the May 2026 bridge-exploit tally that PeckShield put at $328.6M across eight incidents in the first half of the month.

Why it matters

The THORChain incident is significant for reasons beyond its dollar value:

  1. TSS is not a free substitute for a custodied multisig. The promise of threshold-signatures is that no single party ever holds the key — but the security of that promise depends entirely on the correctness and discipline of the implementation. GG20-class flaws have been publicly known since 2021, and several large custody and bridge operators rotated keys or switched signing schemes in response. THORChain's continued reliance on the vulnerable construction, combined with a permissionless node set that allowed attacker-aligned participants in, was the structural enabling condition.

  2. Permissionless validation interacts badly with cryptographic-protocol attack surfaces. Centralised custodians can rotate compromised TSS implementations on a single coordinated upgrade. Permissionless networks face a much harder coordination problem — particularly when the active node set itself contains the attacker.

  3. Multi-chain blast radius compounds the loss. Because THORChain's vaults are independent on each chain, a signing-layer compromise translates immediately into simultaneous drains on every chain the protocol supports. The same vulnerability, in a single-chain protocol, would have produced a single-chain loss.

The THORChain incident lands in the middle of a five-day cluster in May 2026 — alongside the Verus-Ethereum bridge ($11.58M, May 18) and Echo Protocol ($76.7M nominal, May 19) — that prompted PeckShield's "bridge hacks are back" framing for the month. The throughline is cross-chain infrastructure as the dominant 2026 attack surface, with the underlying mechanisms ranging from signing-scheme cryptography (THORChain) to value-binding gaps (Verus) to admin-key compromise (Echo) — a breadth of vectors that traces back to the Wormhole / Nomad era and remains stubbornly unresolved.

Sources & on-chain evidence

  1. coindesk.com: https://www.coindesk.com/tech/2026/05/15/thorchain-halts-trading-after-usd10-million-cross-chain-exploit-rune-token-drops-12
  2. trmlabs.com: https://www.trmlabs.com/resources/blog/thorchain-exploit-drains-usd-11m-across-at-least-nine-chains-what-trm-knows-now
  3. theblock.co: https://www.theblock.co/amp/post/401462/thorchain-pauses-trading-as-security-researchers-flag-suspected-10m-multi-chain-exploit
  4. cryptotimes.io: https://www.cryptotimes.io/2026/05/17/10-8-million-drained-inside-the-thorchain-exploit-that-froze-cross-chain-defi-for-13-hours/
