This article is for informational purposes only. Always verify information independently before making any decisions.
Thorchain has approved ADR028, directing its $10.7 million exploit loss to be absorbed through Protocol-Owned Liquidity and, if necessary, via proportional losses on synthetic asset holders. The plan includes a strict rejection of new RUNE token creation, so RUNE holders avoid direct dilution while internal protocol reserves bear the full cost.
ADR028 instructs THORChain’s Protocol-Owned Liquidity pools to absorb as much of the $10.7 million loss as possible before passing any deficit to synthetic asset holders.
According to THORChain network restart goes to the polls as node opera…, THORChain’s automated solvency checker first detected the vault discrepancy on May 15. Within two hours, node operators enforced a total freeze of trading and protocol activity, arresting further loss and limiting the exploit’s spread. Only when POL is exhausted do losses impact synthetic asset claimants — holders of derivatives referencing BTC and ETH but backed by protocol collateral.
- May 15, 2026:Automated solvency checker detects exploit event
- ~+2 hours:Node operators fully freeze THORChain network
- Post-freeze window:ADR028 recovery structure drafted and released to the community
- May 20–25, 2026:Community voting results in approval for ADR028
- May 27, 2026:Technical audits and restart implementation in progress
Technical Fixes and GG20 Decisions
The attacker exploited a vulnerability in THORChain’s GG20 Threshold Signature Scheme — splitting cryptographic key control among nodes to decentralize fund custody.
Publicly available data shows a node operator who joined less than 48 hours before the breach used onboarding weaknesses to reconstruct vault private keys and drain protocol funds.
Recovery Plan Avoids New RUNE
ADR028’s central commitment is a categorical ban on new RUNE minting to recapitalize losses, with Crypto Briefing stating this policy is non-negotiable.
Recent DeFi Exploits Add Pressure
Cross-chain DeFi exploits have caused billions of dollars in losses since 2021, often fueled by complex bridging architecture. That $10.7 million THORChain exploit in May followed the established trend: attackers focused on cryptography, threshold signatures, and onboarding steps.
| Protocol | Exploit Date | Loss Amount | Mitigation |
|---|---|---|---|
| THORChain | May 15, 2026 | $10.7M | POL reserves, no new mint |
| Nomad Bridge | August 1, 2022 | $190M | Token recovery, partial refunds |
| Poly Network | August 10, 2021 | $600M | Attacker partially returned funds |
As such failures ripple across DeFi, disputes grow over how losses should be handled — whether by dilution, long-term debt, or contained risk within bounded pools.
Attacker Faces Slashing and Bounty Offer
Crypto.News draws attention to THORChain put forward a public bounty for the return of stolen funds — a white-hat standard in DeFi recoveries. Per Crypto.News, these bounties sometimes persuade hackers to bring back assets, with authorities negotiating reduced prosecution in exchange for recovery.
Per Crypto.News.
Recent DeFi Exploit Responses and Sector Debate
Coverage from stnews.live points to the THORChain incident and ADR028 approval sparking sector-wide debate in DeFi governance forums.
Since May 2026, major protocols have begun discussing the balance between recapitalization speed and maintaining token cap rules. With ADR028 as a reference, stnews.live reports that leading teams are revamping node onboarding procedures and risk buffers, matching new expectations for transparency and response reliability.
Some are rethinking whether to use inflation, as THORChain’s rejection of token minting stands in contrast to previous responses by Poly Network and Nomad Bridge.
Staged Mainnet Restarts and Security Audit Wave
According to public filings, the protocol’s two-hour freeze and extensive audit are viewed as the new baseline for high-stakes recoveries.
Trending News
- May 2026:THORChain’s $10.7 million protocol exploit and ADR028 approval reverberate through the DeFi sector, driving renewed industry focus on governance and technical onboarding risk.
- May 2026:ADR028’s “no new minting” policy ignites debate among cross-chain project leaders on Twitter and Discord, as holders weigh exposure to future inflation against protocol stability.
- May 2026:Key protocols initiate longer evaluation windows for node operator onboarding, following scrutiny of THORChain’s two-day attacker window and impact on onboarding policy debates.
- June 2026:A wave of security audits and staged mainnet restarts begin on leading DeFi platforms as exploit fears accelerate schedule among cross-chain developers.
- May–June 2026:DeFi projects escalate bounty programs for white-hat hackers, attempting to harness benevolent attacker talent as industry-wide countermeasure.
For readers seeking further details or ways to participate in protocol governance discussions, reference the dedicated THORChain coverage hub at THORChain. Review technical updates and ongoing bounty progress for continuous analysis on protocol security and industry adoption.
Disclaimer: The content on this page is for informational purposes only and does not constitute financial advice. Always do your own research before making investment decisions.
Sarah Williams is a blockchain technology editor and investigative journalist with 6 years of dedicated crypto reporting. Formerly an editor at CoinDesk, Sarah has broken stories on exchange insolvencies, DeFi exploits, and regulatory enforcement actions. She holds a B.S. in Computer Science from MIT and contributes to the MIT Digital Currency Initiative. Sarah is a frequent speaker at Consensus, Token2049, and ETHGlobal events.
Conflicts of interest
I hold no positions in any cryptocurrency mentioned in my coverage. All investment-related content is reviewed by senior editors before publication. I am not compensated by any project I cover.
