Cross-chain liquidity protocol THORChain halted all trading after a potential security vulnerability was disclosed to the team.
THORChain developers opted to suspend the network on Tuesday as a cautionary measure as they investigated reports of an issue. The decentralized network facilitates token swaps between eight chains, including Bitcoin, Ethereum, Avalanche and Cosmos.
**THORChain Globally Halted**@ninerealms_cap and THORSec have received credible reports of a potential vulnerability affecting @THORChain. Out of an abundance of caution, steps have been taken to halt THORChain globally.
Stand by for more information.
— Pluto (9R) (@Pluto9r) March 28, 2023
Liquidity platform Nine Realms and security team THORSec found these reports to be credible. However, in order to exploit the vulnerability, a malicious node would have needed to act in the last churn.
“We are operating under the assumption that if a malicious validator had taken steps during the last keygen, they would have already used the exploit to steal from THORChain’s vaults,” said a THORChain developer “Pluto9R” on Twitter.
The issue relates to the Threshold Signature Scheme (TSS) and all churn functions on the network were halted as developers worked on a fix.
THORChain came back online around eight hours after the chain halt after determining that nodes would not be susceptible to an exploit.
Update: THORChain Unhalted
Devs & security teams have determined the claim is credible (relates to TSS) but no nodes can exploit current vulnerability. Churn is disabled pending fix.
Trading/LP/Savers Vaults have all resumed.
Funds can be verified at: https://t.co/6a5NLAqefN
— THORChain (@THORChain) March 28, 2023
The protocol’s native token RUNE dropped to an intra-day low of $1.31 on Tuesday, down 5% over a 24-hour period.
This isn’t the first time the network has been suspended due to a software issue. In October, a bug that caused “non-determinism between individual nodes” led to a 20-hour outage on THORChain.
