THORChain (RUNE)

$0.4598  -21.33%  24H

Soziale-Stimmungs-Index (SSI)

Marktimpuls-Ranking (MPR)

Beiträge auf X

  • crypto.news Media Influencer C
     117.70K  @cryptodotnews

    JUST IN: THORChain reports suspected exploit via newly churned node and GG20 TSS vault key leak. Network paused. RUNE transfers/chain observation may resume in ~12h. Trading/LP/signing remain paused https://t.co/4m98GnyGEg

    crypto.news Media Influencer C
     117.70K  @cryptodotnews

    JUST IN: THORChain exploited across Bitcoin, Ethereum, BSC and Base chains with stolen funds already exceeding $10m, per ZachXBT https://t.co/mD8Srl7Mam

     2  0  280
    Original lesen >
    Trend von RUNE nach Veröffentlichung
     Extrem bärisch
    THORChain suffered an attack exceeding ten million dollars, network paused.
  • KenErik Community_Lead Influencer C
     2.24K  @kenerik
    KenErik Community_Lead Influencer C
     2.24K  @kenerik

    @adam3us @P3b7_ @jpthor What if... THORChain's TSS uses a `$` delimited encoding where ["a$","b"] and ["a","$b"] hash to the same value👀 That ambiguity sits inside the Fiat Shamir transform the step that serializes ZK proofs before hashing. What if alpha$-shuffle was the vector

     1  0  60
    Original lesen >
    Trend von RUNE nach Veröffentlichung
     Bärisch
    THORChain coding vulnerability could endanger RUNE security
  • Vini B |「 thecoding 」 Security_Expert OnChain_Analyst B
     11.38K  @vinibarbosabr

    interesting timeline here in THORChain's repo an old issue related to vault churn/migrations has been reactivated in the context of a vault `transferAllowance()` exploit on @THORChain + security issue raised in Jan 2023 by Mr. Smith + Son of Odin closes the issue in Jul 2023 + Jack Zampolim proposes reopening it in Aug 2024 + a few discussions follow the reopening for a month + radio silence until 2 months ago + Son of Odin added a `priority` flag in Feb 2026 + THORChain gets hacked on May 15, 2026 for ~$10M + Mr. Smith adds a note a few hours after the attack: > "In light of recent events related to Thorchain vaults being exploited, will monitor and update this thread/issue with any relevant content, and be available for discussion of this if required." a video is coming discussing the hack and this thread before speculations begin: the issue described in this thread doesn't seen to be directly related to today's exploit on thorchain:native (and i'm not sure it's patch would have prevented what happened today), but it indeed addresses the broader attack surface that is vault churn/migration, which makes it relevant following recent events and worth working on THORChain devs have my support during these difficult times and i'm sure they will come out stronger from it -- i also respect a lot revisiting old, related issues

     25  2  2.85K
    Original lesen >
    Trend von RUNE nach Veröffentlichung
     Extrem bärisch
    THORChain suffers a $10 million vault exploit, bringing renewed attention to a long‑standing unresolved security issue.
  • z80.wei 👌☀️👌 Dev Security_Expert B
     8.27K  @0xz80

    it’s so funny how thorchain only halts when they’re dealing with their own exploits and not when they’re laundering millions for DPRK and by funny I mean sad

    Charles Guillemet Security_Expert Researcher B
     43.16K  @P3b7_

    This morning, THORChain was drained of roughly $10.8m Node operators have freezed the network for nearly 13 hours. The full analysis isn't out yet, but according to @jpthor, this could be a MPC exploit. ECDSA and TSS is hard. THORChain's vaults rely on TSS, a flavor of MPC where a quorum of nodes jointly produces a signature without ever reconstructing the private key. Clean for Schnorr or EdDSA; painful for ECDSA, which Bitcoin and Ethereum require. That's why we saw plenty of protocol attempts (Lindell17, GG18, GG20, CMP, CGGMP21, DKLS, KU23...), each patching flaws in the previous one. GG20 has a track record. THORChain's TSS uses GG20, on a fork of Binance's tss-lib. GG20 has shipped two well-publicized critical bugs: CVE-2023-33241 and TSSHOCK. CGGMP21, now cggmp24, are the latest protocols, but GG20 is still widely deployed. I often hear a misconception when I hear about MPC setup: "The key is split across many nodes, so any single co-signer doesn't really matter". In every published GG18/GG20 attack

     7  0  320
    Original lesen >
    Trend von RUNE nach Veröffentlichung
     Bärisch
    RUNE was stolen about $10.8 million due to an MPC vulnerability, causing the network to halt.
  • KenErik Community_Lead Influencer C
     2.24K  @kenerik

    👀👀Ohh

    Charles Guillemet Security_Expert Researcher B
     43.16K  @P3b7_

    This morning, THORChain was drained of roughly $10.8m Node operators have freezed the network for nearly 13 hours. The full analysis isn't out yet, but according to @jpthor, this could be a MPC exploit. ECDSA and TSS is hard. THORChain's vaults rely on TSS, a flavor of MPC where a quorum of nodes jointly produces a signature without ever reconstructing the private key. Clean for Schnorr or EdDSA; painful for ECDSA, which Bitcoin and Ethereum require. That's why we saw plenty of protocol attempts (Lindell17, GG18, GG20, CMP, CGGMP21, DKLS, KU23...), each patching flaws in the previous one. GG20 has a track record. THORChain's TSS uses GG20, on a fork of Binance's tss-lib. GG20 has shipped two well-publicized critical bugs: CVE-2023-33241 and TSSHOCK. CGGMP21, now cggmp24, are the latest protocols, but GG20 is still widely deployed. I often hear a misconception when I hear about MPC setup: "The key is split across many nodes, so any single co-signer doesn't really matter". In every published GG18/GG20 attack

     1  0  76
    Original lesen >
    Trend von RUNE nach Veröffentlichung
     Extrem bärisch
    RUNE risk spikes as THORChain loses about $10.8 million
  • spuddy Dev OnChain_Analyst B
     1.68K  @0xSpuddy
    Charles Guillemet Security_Expert Researcher B
     43.16K  @P3b7_

    This morning, THORChain was drained of roughly $10.8m Node operators have freezed the network for nearly 13 hours. The full analysis isn't out yet, but according to @jpthor, this could be a MPC exploit. ECDSA and TSS is hard. THORChain's vaults rely on TSS, a flavor of MPC where a quorum of nodes jointly produces a signature without ever reconstructing the private key. Clean for Schnorr or EdDSA; painful for ECDSA, which Bitcoin and Ethereum require. That's why we saw plenty of protocol attempts (Lindell17, GG18, GG20, CMP, CGGMP21, DKLS, KU23...), each patching flaws in the previous one. GG20 has a track record. THORChain's TSS uses GG20, on a fork of Binance's tss-lib. GG20 has shipped two well-publicized critical bugs: CVE-2023-33241 and TSSHOCK. CGGMP21, now cggmp24, are the latest protocols, but GG20 is still widely deployed. I often hear a misconception when I hear about MPC setup: "The key is split across many nodes, so any single co-signer doesn't really matter". In every published GG18/GG20 attack

     289  30  49.93K
    Original lesen >
    Trend von RUNE nach Veröffentlichung
     Extrem bärisch
    THORChain (RUNE) was hijacked for $108,000, network frozen for 13 hours
  • Preetam 📍 NYC 🇺🇲 Security_Expert Founder B
     5.92K  @raopreetam_
    Charles Guillemet Security_Expert Researcher B
     43.16K  @P3b7_

    This morning, THORChain was drained of roughly $10.8m Node operators have freezed the network for nearly 13 hours. The full analysis isn't out yet, but according to @jpthor, this could be a MPC exploit. ECDSA and TSS is hard. THORChain's vaults rely on TSS, a flavor of MPC where a quorum of nodes jointly produces a signature without ever reconstructing the private key. Clean for Schnorr or EdDSA; painful for ECDSA, which Bitcoin and Ethereum require. That's why we saw plenty of protocol attempts (Lindell17, GG18, GG20, CMP, CGGMP21, DKLS, KU23...), each patching flaws in the previous one. GG20 has a track record. THORChain's TSS uses GG20, on a fork of Binance's tss-lib. GG20 has shipped two well-publicized critical bugs: CVE-2023-33241 and TSSHOCK. CGGMP21, now cggmp24, are the latest protocols, but GG20 is still widely deployed. I often hear a misconception when I hear about MPC setup: "The key is split across many nodes, so any single co-signer doesn't really matter". In every published GG18/GG20 attack

     289  30  49.93K
    Original lesen >
    Trend von RUNE nach Veröffentlichung
     Bärisch
    RUNE因10.8M美元被盗致网络冻结,短期看空
  • tochi Trader Educator B
     70.84K  @oxtochi

    thorchain was all about muh decentralization anytime hackers use their protocol to wash st0len funds they suddenly know how to halt their chain after getting exploited how convenient

    tochi Trader Educator B
     70.84K  @oxtochi

    glad no user was affected btw https://t.co/msSgKhqt2t

     77  26  1.63K
    Original lesen >
    Trend von RUNE nach Veröffentlichung
     Bärisch
    RUNE security controversy stands out, author holds an extremely bearish attitude
  • Khal Founder Dev B
     3.09K  @khalkaz

    There will be a lot of grave dancers today THORChain’s far from the grave so I guess they’re dancing alone in a graveyard 😂

     14  2  200
    Original lesen >
    Trend von RUNE nach Veröffentlichung
     Bullisch
    RUNE shows solid performance, still dancing
  • Khal Founder Dev B
     3.09K  @khalkaz

    THORChain hacker address appears to have been funded from an XMR swap on Wagyu https://t.co/5cHckk9XZK

    PerpetualCow.hl D
     14.45K  @PerpetualCow

    Oh no.. @THORChain got exploited https://t.co/Yqp3sGRzuB

     14  1  786
    Original lesen >
    Trend von RUNE nach Veröffentlichung
     Extrem bärisch
    The THORChain project was exploited, resulting in multi-chain asset losses exceeding $7.4 million.