THORChain’s development roadmap just got restructured around a single, unavoidable milestone: the THORChain v3.20 update. A consensus issue discovered during vault rotation has forced the network to pause all churning — and until v3.20 ships, that pause stays in place. What began as a modest point release has grown into a major deployment carrying security patches, the long-awaited Monero integration, and a new router V6. This is the most consequential release on THORChain’s near-term calendar.
Key takeaways
- THORChain’s vault rotation (churn) is paused until v3.20 ships, due to a consensus bug triggered during churning.
- The planned v3.19.4 patch has been folded into v3.20, which also includes Monero integration and router V6 deployment.
- The recent exploit stemmed from three older, chained bugs — each harmless alone, dangerous together.
- Maya Protocol kept processing swaps throughout the entire THORChain pause by running a single verified healthy vault.
- Moca is launching a quiet crypto point-of-sale beta, settling payments through Maya Protocol and THORChain.
THORChain Churn Paused Until v3.20 Release
Vault rotation is one of THORChain’s most fundamental security mechanisms, and right now it is not running. A consensus issue surfaces specifically during the churning process, and the fix requires changes deep enough in Thornode that a point release simply cannot carry them. That ruled out the originally planned v3.19.4 patch the same day it was discussed.
The team met to cut v3.20 instead, targeting an upgrade height for the following week. Once the release lands, the plan is to re-enable Solana first, then restore churning. Everything originally scoped for v3.19.4 — including the Monero work — now rolls into that single larger release alongside the new router V6 code, which is already ready and being deployed progressively. For users, the experience after the upgrade remains the same: swaps route through THORChain Swap as normal.
The consolidation is not purely reactive. Rolling multiple improvements into one coordinated release limits the number of times the network must go through a high-stakes upgrade sequence, which matters a great deal when reviewer bandwidth is already stretched.
Exploit Root Cause: Three Bugs, One Chain
The recent exploit did not come from a single catastrophic flaw. According to Aaluxx, co-founder of Maya Protocol and now a senior developer on THORChain, the vulnerability was a combination of three older bugs that had coexisted harmlessly in the codebase until someone — or something — discovered they could be triggered in sequence.
“It was three bugs that, chained together, were exploitable. Any one of them individually was harmless.” — Aaluxx
He described the morning the exploit broke as ice-cold. The team had recently merged TSS patches from a private repository, and his immediate fear was that an error in that merge had introduced the vulnerability. A fast check cleared it: the commit was intact, and the root cause traced back to much older code. The team had actually caught a similar chained bug — a potential double-spend — only a couple of months earlier, which means the underlying pattern was already on the radar.
How the team detected the compromised vault
Detection was technically elegant. By factoring one of the TSS setup’s cryptographic parameters and scanning for small prime numbers that should not be present, developers could identify whether any given vault had been poisoned. On THORChain, one of five vaults was found to be compromised, which explains why roughly 20% of TVL was drained rather than the full amount. The method gave the team a reliable diagnostic in a situation where speed of triage was critical.
Aaluxx was direct about the broader lesson from AI’s role going forward: a small team can now explore a codebase from far more angles simultaneously, which is a defensive advantage — but the same capability is available to anyone trying to find vulnerabilities from the outside. He expects a few more difficult months as the industry adapts to that new reality.
Maya Protocol’s Resilience During the Downtime
For the roughly month that THORChain was paused, Maya Protocol kept swapping. The same latent bug existed in Maya’s codebase, but it was never triggered. More importantly, Maya was running a single vault that the team could independently verify as healthy — so they kept it operational while pausing churning as a precaution, since a churn could have opened the same exploit path.
The practical consequence was real: native BTC-to-ETH swaps remained unavailable on THORChain during that period, but remained available on Maya. That is the redundancy argument made concrete.
“We need to fly the jet with two engines.” — Aaluxx
After the exploit and during the earlier TCY period, some voices argued for merging THORChain and Maya — using RUNE to buy out CACAO and consolidating into a single larger DEX. Aaluxx acknowledged it would have been a reasonable business decision and rejected it anyway. Two independent, permissionless DEXes sharing the same ideals are a deliberate design choice, not an inefficiency to optimize away. The cost of redundancy is real, but so is the cost of a single point of failure.
Development Bottlenecks and Governance Reforms
The constraint slowing THORChain’s release velocity is not a shortage of code. It is a shortage of people qualified to review and deploy it.
“Our limiting factor is not code creation, it’s reviewing and deploying.” — Aaluxx
Currently, only around three people have the depth of expertise required to review and deploy changes for THORChain. Adding more developers or more pull requests does not automatically accelerate delivery — it adds review load to an already narrow bottleneck. The team operates on a deliberate two-to-one ratio: every piece of code written requires at least two reviews before it moves forward.
Proposal to reform the ADR process
On the governance side, a structural issue has emerged. With proposals now coming from many contributors rather than a single coordinating body like Nine Realms, ADR numbers have collided and rough ideas have been filed as formal ADRs before they were ready to build.
The proposed fix is to separate the idea stage from the ADR stage entirely. An ADR, as Aaluxx framed it, should already be a finished recipe: concise, technical, and buildable with available resources. What is missing is an upstream space — a kind of battleground — where raw ideas get challenged, refined, or discarded before they qualify for ADR status.
“Some people think ‘I want pasta’ is an ADR. That’s not an ADR, that’s a problem. Come to us with a recipe.” — Aaluxx
Further down the line, ADR numbers could be requested and assigned on-chain through node relay, with the first approving node assigning the next sequential number. That would make ownership of a proposal unambiguous without creating a centralized gatekeeper. An ADR, it bears repeating, is not a prerequisite for shipping code — anyone can open issues and pull requests on GitLab today. An ADR is a temperature check that tells node operators whether they want paid developer time spent on something.
Ecosystem Integrations and New Features
Despite the pause, integrations across the ecosystem kept moving. ShapeShift has now joined Symbiosis as a live participant in the dynamic fee model, and the data coming back from both is proving useful. Three or four more affiliates are expected to come online within a week, pending Chad Barraford’s availability to finish the integrations.
A community tip reopened two larger integration conversations. A cold DM to Randy Bechtold surfaced Robinhood Chain as a potential target — and a quick look revealed it is built on Arbitrum, a network THORChain had already been pursuing. That created a two-for-one opportunity: Bechtold has a call scheduled with the Arbitrum team, and plans to ask for a warm introduction to Robinhood while there.
Aaluxx offered a technical note of caution on Arbitrum: it runs at roughly four blocks per second, which floods nodes with message volume in a way similar to Solana. Maya spent about a year stabilizing its own Arbitrum support. The upside is that the hard work is largely done on Maya’s side, giving THORChain a shorter path.
Monero integration nearing launch after Least Authority audit
The $XMR integration is the closest major feature to shipping. Aaluxx is in discussions with Least Authority for a security audit — a firm he rates among the top for privacy chain work. There is direct precedent: Zcash funded a Least Authority audit of its $ZEC-into-Maya integration, which recently completed with only minor denial-of-service and quality-of-life findings, no major bugs. The Monero work has already cleared chain-net testing and a developer review.
True to the protocol’s usual approach, the $XMR pool will launch first with shallow, protocol-owned liquidity and small test swaps, keeping user funds out of the picture while the chain client proves itself in production.
“Break things, but break them small.” — Aaluxx
$ZEC on the THORChain side has no timeline. The bottleneck is bandwidth: refunds, security work, the network restart, and the Monero launch are all competing for the same narrow review-and-deploy window, and churns come first.
Moca launching crypto point-of-sale beta via Maya and THORChain
The payments angle of the ecosystem got its own update. Moca, a crypto point-of-sale and payments network, settles transactions through Maya Protocol, THORChain, and a handful of other backends. The goal is to let ordinary merchants accept crypto and settle in crypto without friction — real-world volume flowing back through the protocols as a result.
The beta is deliberately quiet, targeting launch the Monday after next, with no marketing push at first. The plan is to open business accounts, gather feedback, run real test payments, and close bugs before a wider rollout.
“The payment side of Maya is upon us.” — EricOnchain, Moca
Builders interested in early API access can reach EricOnchain or the Moca account directly.
What ties all of this together is a network at a genuine inflection point. v3.20 is not just a security patch — it is the release that restores churning, brings Monero live, deploys router V6, and sets the stage for the Arbitrum and ShapeShift expansions that follow. How cleanly it ships, and how the Least Authority audit comes back, will say a great deal about whether THORChain’s recovery narrative holds up under the weight of what it is promising.
FAQ
Why is THORChain’s churn operation paused?
A consensus issue specifically tied to the churning process requires fixes at the Thornode level. Those changes are too deep to ship in a point release, so vault rotation stays paused until the full v3.20 update is deployed.
What caused the recent THORChain exploit?
Three older bugs that were each harmless in isolation became exploitable when triggered in sequence. The combination allowed one of THORChain’s five vaults to be compromised, resulting in approximately 20% of TVL being drained.
How did Maya Protocol maintain swaps during THORChain’s downtime?
Maya was running a single vault that the team could independently verify as uncompromised. By keeping that vault operational — while pausing churning as a precaution — Maya continued processing swaps throughout the entire month-long THORChain pause.
What is the status of Monero integration on THORChain?
The $XMR integration has cleared chain-net testing and a developer review. An audit with Least Authority is being arranged, and the pool is set to launch with shallow, protocol-owned liquidity and small test swaps to limit exposure during the initial phase.
Article produced with the assistance of artificial intelligence and reviewed by the editorial team.