Spent over a month rebuilding $RUNE's security model after a brutal exploit.
The attack vector: GG20 — the threshold signature scheme that's supposed to distribute key control across node operators so no single entity can hold the full key. A malicious operator figured out how to extract key material piece by piece, bypassing the entire security assumption. $10.7M drained.
The fix came in waves: emergency patch first, then vulnerability remediation, then hardening KeyVerify logic.
Here's what keeps me up: THORChain is one of the largest cross-chain liquidity rails in crypto. If key material can leak progressively without triggering any alarms for this long, what does "cryptographically verified" actually mean for the next protocol running this primitive?
Threshold schemes like GG20 are foundational infrastructure for decentralized custody, cross-chain bridges, and MPC wallets. If the security model can be silently dismantled over time, we're not just talking about one protocol's bug — we're talking about a systemic assumption that might be broken across the stack.
The real question isn't whether THORChain can patch this. It's whether the broader ecosystem is overestimating the security guarantees of threshold cryptography in adversarial environments.
The attack vector: GG20 — the threshold signature scheme that's supposed to distribute key control across node operators so no single entity can hold the full key. A malicious operator figured out how to extract key material piece by piece, bypassing the entire security assumption. $10.7M drained.
The fix came in waves: emergency patch first, then vulnerability remediation, then hardening KeyVerify logic.
Here's what keeps me up: THORChain is one of the largest cross-chain liquidity rails in crypto. If key material can leak progressively without triggering any alarms for this long, what does "cryptographically verified" actually mean for the next protocol running this primitive?
Threshold schemes like GG20 are foundational infrastructure for decentralized custody, cross-chain bridges, and MPC wallets. If the security model can be silently dismantled over time, we're not just talking about one protocol's bug — we're talking about a systemic assumption that might be broken across the stack.
The real question isn't whether THORChain can patch this. It's whether the broader ecosystem is overestimating the security guarantees of threshold cryptography in adversarial environments.