THORChain confirms $10M exploit, launches recovery portal and $10M treasury-funded refund pool for affected users

THORChain confirmed a security breach, detected at 02:14 UTC on May 11, that drained 36.75 BTC (~$3M) and roughly $7M in tokens across BNB Chain, Ethereum and Base, impacting 12,847 wallets. The protocol rolled out a recovery portal that lets affected users revoke malicious token approvals and submit self-custodial refund claims against a treasury-funded $10M refund pool. Users have 21 days to file claims (the refund window closes June 4); unclaimed allocations will roll into the protocol insurance fund. THORChain’s leading theory points to a GG20 TSS implementation vulnerability that leaked vault key material over time; a newly churned node is suspected. The Treasury is coordinating forensic work with Outrider Analytics and law enforcement.
AI Analysis
THORChain confirmed a ~$10M exploit with on-chain drains (36.75 BTC and ~$7M in tokens) affecting 12,847 wallets, and has mobilized a $10M treasury-funded refund pool and recovery portal. The breach is attributed to a suspected GG20 TSS key-material leak, and the Treasury is coordinating forensics and law enforcement. These facts materially affect protocol security and short-term market confidence.