THORChain Proposes to Keep Patched GG20 After $10.7M Hack

The Exploit and THORChain's Response

THORChain released a post-mortem report Wednesday detailing a $10.7 million exploit tied to its GG20 threshold signing scheme. In the incident, attackers extracted funds by exploiting a flaw in the cryptographic framework used to secure validator key shares. Rather than migrate away from GG20 entirely, THORChain proposed applying a patch to the existing system and continuing with the modified version on mainnet.

Security Community Pushback

Crypto security researchers and investors have publicly disputed the decision. Critics argue the patch treats a symptom rather than addressing root causes in the signing framework's architecture. Some have questioned whether a single patch can restore confidence in a system that permitted a nine-figure loss, and whether the team has conducted sufficient external audits to validate the fix before redeployment.

What Comes Next

THORChain has not announced a timeline for when the patched GG20 system will return to production. The controversy highlights tensions between protocol speed-of-recovery and cryptographic rigor—teams face pressure to restore service quickly while also convincing security-conscious stakeholders that fixes are sound.

Why It Matters

For Traders

Uncertainty over GG20 patch adequacy may extend THORChain's downtime and defer liquidity pools' return, pressuring RUNE swap volumes and bridge TVL.

For Investors

Continued reliance on a patched system rather than a redesigned signing scheme raises questions about whether THORChain's cryptographic stack is fit for securing multi-billion-dollar pools long-term.

For Builders

Cross-chain protocols evaluating threshold signing frameworks should treat this incident as a case study in the risks of patching fundamental cryptographic designs under time pressure rather than replacing them.