THORChain restart plan v3.19.0 after $10.7M hack
THORChain is moving into the next phase of recovery after a May 15 vault exploit that drained about $10.7M. Validators are being asked to approve v3.19.0 before THORChain begins a staged restart and restores network services.
The upgrade includes TSS security patches and implements ADR-028. THORChain says ADR-028 covers losses without minting new RUNE or diluting existing holders further. Future protocol income is expected to rebuild protocol-owned liquidity.
Key technical steps in the 11-step restart include: a new Compromised Vault Mimir setting to quarantine the drained vault from transaction processing while keeping it visible to the network; temporary keyshare integrity checks via “keyverify” before signing resumes; and then “churn” to replace the active validator set and move assets into newly generated vaults. The network will reopen services in order—secured/trade assets first, then liquidity-provider actions, with trading at the end—once each stage passes.
Trading, chain observation, and churning were paused earlier while developers investigated the attack. The exploit targeted a weakness in GG20 threshold signature code, and automatic solvency checks halted signing within minutes.
Crypto traders should watch for validator voting on v3.19.0 and any delays in the staged checks, as these will determine how quickly liquidity and trading functions return.
Neutral
This news is broadly neutral for markets. On one hand, THORChain’s 11-step restart plan (v3.19.0) and ADR-028 framework is designed to address the $10.7M vault loss without further RUNE minting or straightforward dilution—this can reduce uncertainty around token economics and improve sentiment among liquidity providers.
On the other hand, the protocol is not instantly restoring everything. THORChain explicitly sequences recovery: validator approval first, then vault quarantine, keyshare “keyverify” checks, churn, and only later trading and liquidity actions. Historically, in DeFi incidents, even good technical progress can still create short-term volatility because traders react to timelines, governance votes, and each gate’s completion (e.g., similar validator-driven rollouts after security incidents on other networks).
**Short-term:** expect cautious positioning and watchful liquidity until validators approve v3.19.0 and the staged checks complete.
**Long-term:** if the upgrade proceeds smoothly, it should support confidence in THORChain’s security and governance recovery design, which may become mildly bullish for sustained liquidity—though market impact is likely limited until broader trading restarts fully.