With The Coke

THORChain incident update #3 The developers and THORSec teams have been hard at work throughout the weekend continuing the investigation to fully understand the events that took place, while also planning the road to recovery. It’s important to note that the investigation is still ongoing, and details may change in the coming days as we continue to gather information and adjust plans accordingly. At this time, the team has a strong understanding of what occurred and how the attack was executed, although they are not yet in a position to publicly discuss the technical details. What they can say is that the attack vector does not appear to be related to any currently known GG20 exploits, and at this stage are still assessing whether other GG20 implementations could also be at risk. The team will continue investigating this possibility and will coordinate with other affected teams as appropriate. We would like to thank the many cryptographers and security researchers who assisted throughout this process, including members of the team that originally developed GG20. The team currently expects to release version 3.18.1 tomorrow for node operators to adopt. We ask that all node operators upgrade to this release as soon as possible. There is also an open question regarding the best approach for handling the lost funds within the network. This will need to be discussed and ultimately decided by the community through governance. To facilitate this discussion, there’s a new channel in Discord called ⁠adr-028-tss-exploit-recovery . Before the network can return to a healthy state, nodes will need broad consensus on this ADR, after which the selected approach will be implemented as part of the 3.19 update. THORChads are encouraged to share well-structured and thoughtful proposals for the community to support or challenge. In the coming days, a vote will occur highlighting the most widely supported approaches for node operators to vote on. Regarding the future direction of the cryptographic systems used to secure the vaults, that discussion is still ongoing and requires additional research before any long-term decisions are made. For the immediate future, the team is currently leaning toward remaining on GG20 in order to restore network health and stability as quickly and safely as possible. Longer-term discussions around the future of THORChain’s cryptographic security model will continue once the network has stabilized. We are proud of how both the developer team and community have handled this situation. Everything will get running again as soon as possible, but the process will not be rushed. THORChain has a strong roadmap ahead, and devs are excited to return their focus to continuing to push the envelope of what this project can achieve. Onwards

THORChain incident update #2 We have become aware of multiple fake accounts and false information circulating regarding “refunds”, “airdrops”, compensation claims, and other alleged initiatives. To be absolutely clear: - Initial findings indicate that no user funds were lost in the incident - THORChain is currently conducting no refund, airdrop, or compensation program - Any account claiming otherwise is impersonating THORChain or spreading misinformation. Please rely only on official THORChain communication channels for updates. THORChain contributors are still actively investigating the recent incident alongside THORSec and external security partners. More information will be shared as the investigation progresses.