THORChain restored full operations on Tuesday morning, ending a six-week trading halt that followed a $10.7 million exploit across its multi-chain vaults. The decentralized exchange (DEX) confirmed just before 3 a.m. ET that all core functions, including asset swaps, liquidity provision, and network churning, are once again live for users across its supported blockchains.
The protocols native token, RUNE, responded positively to the announcement, climbing 3.7% within 24 hours to trade at approximately $0.42. This recovery effort involved a meticulous verification of every vault and keyshare, backed by the developer team and the Maya Protocol, which helped maintain liquidity during the extended downtime.
Breakdown of the May Asgard vault breach
The restart marks the end of a period of intense uncertainty for the self-described leading Bitcoin DEX.
But the road to recovery has been marked by controversy regarding how the protocol handles security disclosures. While the technical restoration appears successful, a public dispute with a security startup has raised questions about the networks relationship with the white-hat hacking community.
This tension comes at a time when the broader market is hypersensitive to security, especially as THORChain warns users against recovery schemes that often proliferate following such high-profile outages.
Key details
The crisis began on May 15 when an attacker compromised one of the six Asgard vaults, which facilitate the protocols cross-chain functionality. In the initial minutes of the breach, the exploiter managed to siphon roughly $7.4 million in unauthorized transactions. The network quickly stopped signing new transactions to prevent further drain, but the damage eventually totaled $10.7 million across several major chains.
According to the technical post-mortem, the funds were drained from vaults covering Bitcoin, Ethereum, BNB Chain, and Base. Unlike many other decentralized finance (DeFi) platforms, THORChain does not rely on wrapped tokens or bridges. Instead, it routes swaps through native liquidity pools, which meant the exploit hit the actual underlying assets held within the vault system.
The six-week timeline for the restart was a deliberate choice by the core developers. They focused on systematic verification rather than a rushed launch, ensuring that the vulnerabilities were fully patched before allowing funds to move again. While this cautious approach was praised by some long-term holders, it left many traders on the sidelines during a period of shifting market sentiment.
Allegations of silent patches and bounty disputes
While THORChain worked on the technical fix, a new conflict emerged on June 1. The security startup V12 disclosed that it had identified and reported a nearly identical vulnerability weeks before the May breach occurred. The firm alleged that the protocol developers “silently patched” the bug without acknowledging the report or paying the expected bug bounty.
The situation soured further when V12 claimed the THORChain team informed them the bounty program had been permanently retired. In response to this perceived lack of transparency, the security firm threatened to release exploit code for other unpatched bugs they claim to have discovered. This dispute highlights a recurring friction point in DeFi: the balance between rapid development and the ethical treatment of security researchers.
The protocol has not publicly detailed its internal decision-making regarding the V12 report, but the fallout has prompted wider discussions on-chain about how projects handle disclosure. For many investors, the incident serves as a reminder of the inherent risks in cross-chain protocols, which often navigate complex codebases.
During this period, macro warning signs in crypto have also kept liquidity tight, making the $10.7 million loss feel particularly heavy for the ecosystem.
Market reaction and the RUNE price recovery
The market response to the resumption of trading was immediate but measured. RUNE, the utility token used for liqudity and security on the network, saw its price stabilize and begin a modest upward trend. At $0.42, the token remains in a sensitive price zone, reflecting the delicate balance between relieved users and cautious speculators who may be waiting for further proof of stability.
Node operators played a critical role in the restart, as they must coordinate to ensure the network is secure before signing is re-enabled. The involvement of the Maya Protocol was also cited as a key factor in keeping the ecosystem afloat during the halt.
This collaborative recovery suggests that while the internal dev team faced criticism, the broader network participants remained committed to the protocols survival.
This resilience is mirrored in other parts of the industry, where institutional interest remains a driving force despite technical setbacks. Just as VanEck and Grayscale move toward ETF filings for other major assets, decentralized protocols like THORChain are under pressure to prove that their self-custodial models can withstand the scrutiny of a more professionalized investor base.
Feature roadmap including Monero and Zcash support
With the network now fully operational, the development team is shifting focus toward its upcoming features. The priority for the next phase is the launch of native Monero (XMR) swaps. This feature has reportedly completed end-to-end testing and is expected to go live in the near future, filling a significant gap in the decentralized exchange market for privacy-focused assets.
Beyond Monero, support for Zcash (ZEC) is also in the pipeline. These additions align with the protocols mission to serve as a permissionless gateway for the most significant digital assets without requiring users to trust centralized intermediaries. The roadmap also includes the implementation of dynamic fees and deeper liquidity incentives to attract back the capital that left during the six-week outage.
The success of these upcoming features will likely depend on whether the team can restore the trust of both users and security researchers. While the technical fix is in place, the reputational damage from the V12 allegations remains a shadow over the protocol.
For now, the focus remains on ensuring the Asgard vaults remain secure as the network attempts to reclaim its position as a major player in the cross-chain DeFi space.