
THORChain Path to Restart: v3.19, Soda Labs, and Hardening the Vaults


2026-05-29 — 12 min read


THORChain x Soda Labs Podcast #203 ft. Asaf (Soda Labs), Chad Barraford, Kenton, Patriotsounds & Boone | May 28, 2026 | Watch the full episode on YouTube

By Raynalytics

TL;DR

  • v3.19 is the restart release. Chad expects it cut today, deployed to stagenet for the Maya team to test, then adopted on mainnet between Monday and Wednesday next week. Trading is the last thing turned back on, after a key verification round and a full churn into new vaults.
  • The TSS library will be temporarily closed source. Soda Labs is finishing a deep cryptographic audit; Chad would personally open source today, but the security team wants more time to be 100% certain. It'll go public again at v3.19.1 or v3.20.
  • The exploit was a true zero-day with cryptographer-grade sophistication. Asaf confirmed the attacker chained two undisclosed cryptographic conditions on top of a known BitForge assumption. Soda Labs' own cryptographers needed time to validate it. AI models, including Anthropic's Mythos, likely could not have found it.
  • DKLS is the destination. Soda Labs is already benchmarking a DKLS23 substitute for ECDSA signatures (Silence Labs has been building a custom implementation since last year), plus a Frost variant for the simpler Schnorr cases and Monero.
  • New vault and node design ideas are on the table: infrequently-signing "lukewarm" vaults holding the 80% of funds not needed for liquidity, mandatory cool-down periods before new operators can validate, reputation-weighted vault assignment, and pre-merge protocol-level jail of nodes that fail key signs.
  • Boone and Chad went head-to-head on fees: Boone wants a short-term min bps hike from 10 to 20 and per-asset fees for Monero's permissionless monopoly; Chad wants the dynamic fee model to optimize each affiliate market independently.

Introduction

This week's THORChain podcast wasn't just a Thursday catch-up. Kenton and Denny brought in Asaf from Soda Labs, the cryptography firm that's been part of THORSec since roughly August 2025, to talk through what happened, what's being patched, and where THORChain's signature scheme is headed next. Chad also fielded a Path-to-Restart timeline, and community contributor Boone jumped on with a fees pitch that turned into one of the sharper debates of the episode.

If you're new to Soda Labs: they're a cryptography research firm whose flagship product is Bubble, a privacy layer that lets you do confidential transactions on EVM chains using garbled-circuits MPC. Their other hat is security audits, and that's the hat they've been wearing on THORChain since the v3.18 cycle. Asaf is a protocol security engineer there. The team's CEO and CTO are practicing cryptographers with PhDs, plus Yehuda Lindell (ex-Coinbase) sits on their advisory board.

"Privacy is a human right" was the line of the episode, said three times in three different contexts. We'll get to that.

1. The Restart Timeline: v3.19 Is the Release

Chad laid out the order of operations clearly. Two PRs are mid-merge: a Bifrost change implementing the TSS fixes, and a Thornode change with the store migrations that fill the ~$10 million hole using the methodology agreed in ADR28. Once those merge, v3.19 gets cut and deployed to stagenet.

"Hopefully v3.19 will be cut today, deployed to stagenet hopefully tomorrow. Give it a day or maybe a couple days, maybe the weekend, for Maya to kick the tires." (Chad)

Mainnet adoption is targeted for Monday to Wednesday next week, contingent on no new bugs surfacing during Maya's testing. After v3.19 is adopted, the sequence is:

1. Verify the store migration worked cleanly on mainnet.

2. Run a key verification process where Bifrosts talk to each other to confirm the existing vault keys are intact (99.9% confident already, going for 100%).

3. Sign the ~26 pending outbound transactions.

4. Enable churning. A new TSS keygen produces fresh vaults.

5. Asset migration to new vaults takes roughly six hours.

6. Re-enable LP actions, trading, and secured/trade asset deposits and withdrawals.

Net total from v3.19 release: probably another week before THORChain is back to full business. The $700k gap between L1 assets and what's needed to balance the books has been ironed out by Codehans, per Chad.

2. Closed-Source TSS: The Lesser of Two Evils

The most contentious post-exploit decision: the TSS library will be temporarily closed source. Chad framed it as a binary choice with no clean option.

"Either we stay all open source and have trading paused for several weeks until we figure out the TSS library, or we use a closed-source one and get trading resumed. Which is worse?" (Kenton)

Chad was direct: personally, he'd open source it today. The Soda Labs team wants more time. Asaf explained why: when you're touching cryptography, "probably" doesn't cut it. Soda Labs needs to be sure that no edge case has been missed, that no stone is left unturned. Every day THORChain stays paused is lost income, but the funds already in the protocol have to be unimpeachably secure when trading resumes.

Expected timeline for going back open source: two weeks to a month, either as part of v3.19.1 or v3.20. Kenton's blunt framing for purists: it's publicly known that it's closed source, and if it really bothers you, just don't use THORChain for those few weeks.

3. The Exploit Was Real Cryptography, Not Vibe-Coded AI

This was the section that genuinely cleared the air on what happened. The attacker exploited a known BitForge assumption (the Paillier-key one in GG20), but BitForge has two security assumptions, and Chad confirmed only one had been broken publicly. The attacker figured out two more cryptographic conditions that were not in any public disclosure.

Asaf:

"It took our team some time to validate, and we have very advanced cryptographers. I think the attacker did have some capability that I'm not sure an AI model has at the moment. Even when we tried to apply AI to the same problem while knowing the vulnerability exists, AI couldn't find it."

That contradicts a lot of speculation online. The attack required a human cryptographer who understood the math, not a script kiddie with Opus 4.7 or even rumors of Mythos. Chad added that Mythos is good at chaining multiple low-priority bugs into something powerful, which is the pattern THORChain saw in the 2021 attack, but this particular zero-day was outside any current model's reach.

The community had outside cryptographers reach the same conclusion: this attacker knew what they were doing.

4. Where Cryptography Goes Next: DKLS, Frost, Bigger Vaults

Soda Labs is already benchmarking DKLS23 as a substitute for everything ECDSA. For Schnorr-based assets and Monero, the team is looking at the Frost family, which has a simpler underlying construction and therefore a smaller attack surface. The transition will involve a brief period of running both schemes in parallel.

Critically: THORChain would be the only DKLS user with open, permissionless node operators. Most DKLS deployments today are inside Vultisig-style closed validator sets. That's why Silence Labs was engaged back in late 2025 to build a custom DKLS implementation with identifiable aborts: a feature you don't need if you trust all your validators, but THORChain absolutely does.

Asaf floated a bigger structural idea: separate the vaults into a small, frequently-signing layer holding the ~20% needed for liquidity, and a larger, rarely-signing layer holding the other ~80%. Less signing means less opportunity for the death-by-a-million-cuts pattern that almost every TSS exploit relies on. Chad's framing was sharper:

"Lukewarm wallets. Still online so they can top up the hot wallet, but rarely signing themselves. Less opportunity to extract key information." (Chad)

This is conceptually similar to the cold vaults Chad floated last week, but more practical at scale.

5. New Node Operator Rules: Cool-Down and Reputation

A cluster of related ideas got serious airtime. The protocol-level question: how do you stop a malicious operator who is willing to sit on a TSS exploit for months from cashing it in?

The answers under discussion:

  • Mandatory cool-down period before a new $RUNE address can become a node operator. Sit on it for several months minimum before validating. Forces an exploit-holder to wait, increasing the chance someone else (a Soda Labs cryptographer, an honest white-hat) finds the same bug first.
  • Reputation-weighted vault assignment. New nodes start in vaults securing smaller amounts. Long-tenured nodes earn the right to secure more. Asaf's framing: this stacks on top of the cool-down, so even after waiting six months, a malicious operator only gets access to small funds initially.
  • Yields stay flat across vault tiers. Boone and Chad both landed here. Punishing new honest operators with worse yields would make it hard to attract bond providers. Better to keep returns consistent and just expose newer nodes to less asset risk.
  • Protocol-level jail on key-sign failure. Already merged or close to it. If you fail a key sign, you're excluded from the next signing party for an hour. Dramatically reduces the frequency of failed key signs available to extract data.

Chad's broader point: today's vault assignment is optimized against Sybil attacks (one actor getting 2/3 of a single vault). It is not optimized against the single-actor-with-a-TSS-exploit case. The protocol may need to rebalance how it picks vault membership going forward. Security, in Chad's framing, should be like an onion: layer protections, protect the same thing seven different times in seven different places.
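To make the layering concrete, here is a sketch of how the cool-down, tenure tiers and key-sign jail discussed above could stack when choosing who may sign for a vault. It is an added example, not THORChain code: the `Node` type, the function names, the 180-day cool-down, the 365-day seniority threshold and the 0/1/2 tier numbering are all assumptions; only the one-hour jail comes from the discussion.

```go
package main

import (
	"fmt"
	"time"
)

const (
	coolDown   = 180 * 24 * time.Hour // assumed: wait before a new address may validate
	seniorAge  = 365 * 24 * time.Hour // assumed: further tenure before securing large vaults
	jailPeriod = time.Hour            // from the text: exclusion after a failed key sign
)

type Node struct {
	Addr        string
	BondedAt    time.Time // when the address first bonded
	LastFailure time.Time // zero value: never failed a key sign
}

// MaxTier: 0 = still cooling down, 1 = small vaults only, 2 = any vault.
func MaxTier(n Node, now time.Time) int {
	switch age := now.Sub(n.BondedAt); {
	case age < coolDown:
		return 0
	case age < coolDown+seniorAge:
		return 1
	}
	return 2
}

// MaySign reports whether n may join a signing party for a vault of vaultTier.
func MaySign(n Node, vaultTier int, now time.Time) bool {
	jailed := !n.LastFailure.IsZero() && now.Sub(n.LastFailure) < jailPeriod
	return MaxTier(n, now) >= vaultTier && !jailed
}

func Party(nodes []Node, vaultTier int, now time.Time) (out []string) {
	for _, n := range nodes {
		if MaySign(n, vaultTier, now) {
			out = append(out, n.Addr)
		}
	}
	return out
}

func main() {
	now := time.Now()
	nodes := []Node{{"veteran", now.Add(-600 * 24 * time.Hour), time.Time{}}, {"newcomer", now, time.Time{}}}
	fmt.Println(Party(nodes, 1, now)) // constructed sample: newcomer is still cooling down
}
```

Each check is independent, so an operator holding an unknown TSS flaw has to clear the waiting period, then the tenure requirement, and still loses signing rounds after every failed key sign.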

6. The Bug Bounty: Frozen, Not Cancelled

The bug bounty program is paused, not killed. Reason: the slop. A meaningful fraction of submissions are AI-generated reports or copy-pastes from online scanners, and every one of them has to be triaged because you cannot ignore a security report. That drain was a real reason DKLS and invariant work fell behind on the roadmap.

Chad's idea, which he and Asaf hadn't formally discussed: route every submission into a private GitLab issue, have Huginn evaluate it first with a public confirm/deny and reasoning, and let the submitter argue back if Huginn rejects it. Fight AI slop with AI triage.

Denny floated requiring a small refundable deposit to filter out one-minute copy-paste submissions. Asaf was open to it but cautious about discouraging legitimate reports.

The redesigned bounty will likely return alongside v3.19.1 or v3.20.

7. The Fees Debate: Boone vs. Chad

Boone came up with two proposals and Chad pushed back hard on both. This is the kind of meritocratic argument THORChain Discord used to be known for.

Boone's pitch #1: Raise min bps from 10 to 20 for a short-term experiment. Higher yields make bonding more attractive, the ADR25 dev fund grows faster, and historical data (FamiliarCow's experiment from earlier this year, plus the natural experiment when min bps moved from 3 to 15 to 8) suggests THORChain net-monetizes global crypto exchange volume better at higher fees.

Boone's pitch #2: Per-asset min bps. Monero specifically should start at something like 50 bps because THORChain will have a functional monopoly on permissionless Monero swaps once it launches.

Chad's pushback: A global min bps is the wrong knob. Each affiliate is its own competitive market. STO faces almost no competition; SwapKit faces dozens of cross-chain aggregators. Raising min bps system-wide helps one affiliate and hurts another. That's exactly what the dynamic fee model is designed to solve: per-affiliate optimization. On the monopoly point, Chad was willing to concede:

"If we have a monopoly on Monero, theoretically we can raise it to whatever. I think Monero should start at 50 bps. Theoretically that's literally what I'm proposing." (Chad)

The Boone-vs-Chad disagreement on whether arbitrage volume should count as "income" is going to keep playing out in Discord. Worth following.

8. Marketing and Site Updates from Kenton

A handful of operational updates worth noting:

  • The Binance wallet false-positive flag on swap.thorchain.org is fixed. Kenton worked through Binance support; the underlying blacklist feeds (Go Plus, Scam Sniffer) don't actually list THORChain. He's now sweeping DNS, registrars, web hosts, and Google to take down the ~40 phishing sites that mimic the THORChain domain.
  • The $TCY logo will use the THORChain lightning bolt in a different color (blue), matching how Saylor's Strategy uses the same logo across STRC, STRK, and its other tickers. Kenton's position: shared logo signals "same project, different token," not confusion.
  • THORChain Swap now supports seven additional languages (Traditional Chinese, Simplified Chinese, Korean, Russian, Spanish, Persian, Turkish), with another 20-25 in the queue. AI-translated first, human-verified after.
  • Twitter is intentionally quiet. Per advice from Market Across PR, no bullposting while paused. Updates only.

9. Devel's Limit Orders: Worth a Look

Right before signing off, Boone pointed the community at Devel's base-layer limit orders. They are not the same as Chad's base-layer limit swaps; the two play nicely together (Devel's don't cross two legs, Chad's do). Boone thinks this could be the missing piece for capital efficiency. Get into Discord and pick it apart.

What to Watch

  • Monday through Wednesday: v3.19 mainnet release window.
  • A week after that: churn complete, trading resumes, secured and trade asset flows back on.
  • Two to four weeks out: TSS library returns to open source via v3.19.1 or v3.20.
  • Q3-ish: Soda Labs and the team start the DKLS migration in earnest, with Silence Labs' implementation.
  • Roadmap items waiting: Monero, Zcash, Polygon, Bittensor ($TAO), Quai, Zano integrations, plus revshare and the dynamic fee model.

"We got a flat tire on the road. We stopped for a bit. We're still fixing the tire. We're going to keep going." (Denny)

For more THORChain data, check out Raynalytics.

Follow Raynalytics for more Weekly Analytics and Podcast recaps.
