Xavier⚡$GOD

Guy with access to a $200/mo Claude Max and a spare weekend: "omg I found a P0, you owe me 10% of your TVL or else" Yeah sure buddy, how about you share your prompt, and we'll refund you your time and token costs with a 100% premium. (aka ~$2000) What happened to responsible disclosure? This industry starting to become pathetic.

🍻 Cheers to the THORChain devs, THORSec team, node operators, and everyone working around the clock to bring the DEX of DEXes back online. While others talk, they are auditing, patching, testing, reviewing, and making sure the network returns stronger than before. 💪 This hasn’t been an easy few weeks, but watching the community, builders, and security teams unite behind a common goal has been incredible. No shortcuts. No rushed fixes. Just relentless work to protect the future of permissionless cross-chain swaps. The DEX of DEXes is coming back. And when it does, it will be stronger, more resilient, and more battle-tested than ever. ⚔️ Thank you to every builder burning the midnight oil for THORChain. 🍻🟠 #THORChain $RUNE #DeFi

THORChain Incident Update #4 Following the events of May 15th, the community has been hard at work defining a path forward. ADR028 is now published and a vote is open for Node Operators. 🔹 The Recovery Plan 🔹 The protocol will absorb the loss first through Protocol-Owned Liquidity and the remainder is spread across synth holders (The exact split between the two is still being evaluated). By doing so, POL will be reduced to zero. The ADR proposes to redirect a portion of system income to replenish it over time. No new RUNE is minted, no RUNE is sold, and no holder is diluted. 🔹 The Technical Decisions 🔹 GG20 is kept in place for now, patched and upgraded. Trading resumes only after the vulnerability is patched and a successful churn has occurred. A slower, more security-conscious release cadence is also called for going forward. 🔹 The Slashing 🔹 Innocent nodes that end up being in the same vault as the attacker are protected. The attacker's node is slashed in full. The recovered RUNE is paired with whatever assets can be recovered from the affected vault, and any surplus RUNE is burned. 🔹 The White Hat Offer 🔹 The attacker is offered a bounty to return the funds. If funds are returned partially, the recovery plan rolls back proportionally. 🔹 Protocol Neutrality 🔹 THORChain remains neutral and permissionless. The attacker's swaps will not be censored once trading resumes. Node Operators are now voting on the overall direction and principles of this proposal. The figures in the ADR are indicative at this stage and will be adjusted later, notably via Mimir. The goal is to restart the network as soon as possible. A yes vote is a green light for developers to continue building in that direction. Full details of ADR028 https://t.co/l41nQAkf1k For those who want to understand the full context of what happened, this article is for you: https://t.co/FPpl37vYxR

🚨 BREAKING: The THORChain exploit just exposed something much bigger than THORChain itself. GG20 cryptography is NOT some niche THORChain-only system. The same family of threshold ECDSA cryptography has been used across major crypto infrastructure including: • THORChain • Binance tss-lib • Coinbase Developer Platform • ZenGo • Fireblocks • OKX Wallet • Particle Network This is why the entire industry is watching the THORChain situation closely. GG20 and threshold ECDSA have been considered some of the most advanced cryptographic systems in crypto infrastructure. But ECDSA MPC is notoriously difficult. Multiple CVEs and vulnerabilities have already been discovered over the years: • TSSHOCK • CVE-2023-33241 • Progressive key leakage issues • Malicious participant extraction vectors THORChain may simply be the first protocol large enough and decentralized enough to publicly stress-test this architecture under real hostile conditions. ⚠️ The war against decentralized cross-chain infrastructure just entered a new phase. $RUNE #THORChain #Crypto #DeFi #XMR