THORChain’s community is rallying around a formal recovery blueprint after the May 15 vault exploit. Developers and node operators have published ADR028, a network restart proposal, and opened a governance vote for node operators on the path forward.
According to the ADR, the goal is to restart the network “as soon as possible” once there is a broad consensus on the plan. The team says contributors and the THORSec group have been “hard at work” since the incident, investigating the attack vector and preparing a safe upgrade.
How the Recovery Plan Handles Losses
ADR028 proposes that the protocol absorb the loss first through Protocol-Owned Liquidity (POL), before sharing any remaining shortfall across synth holders. The exact split between POL and synth holders is still under review, but the plan would take POL down to zero and then slowly rebuild it with future system income.
The ADR also states clearly that “no new RUNE is minted, no RUNE is sold, and no holder is diluted.” Instead, the protocol redirects a portion of its revenue over time to replenish POL, so the system can recover without printing new tokens or forcing sales into the market.
Technical Fixes and GG20 Decisions
On the technical side, THORChain will keep its GG20 threshold signature system for now, but apply patches and upgrades. Trading and other sensitive actions will only resume after developers patch the vulnerability and the network completes a successful churn of validator nodes.
ADR028 also calls for a slower, more security-focused release schedule. Developers say they now want to prioritize stability over rapid feature shipping after a suspected TSS-related exploit drained roughly 10 million dollars from protocol-controlled wallets.
In the slashing section, the ADR says it protects innocent nodes that end up in the same vault as the attack-hatt instead of slashing the attacker’s node in full, pairs the recovered RUNE with any assets recovered from the affected vault, and then burns any surplus RUNE.
The plan also includes a white-hat option that offers the attacker a bounty for returning funds. If they only send back part of the loot, the recovery plan “rolls back proportionally” so the adjustments match the smaller hole.
THORChain also says it will remain “neutral and permissionless” after the exploit. The ADR notes that the attacker’s swaps “will not be censored once trading resumes,” which keeps the protocol aligned with its existing neutrality principle.
READ MORE: NEAR Protocol Surges 26% Today: Why Is This AI Token Pumping?
