The primary keyword for this Radar update is THORChain ADR028 protocol ops. After THORChain documented the May 15 exploit, current reports say node operators are voting on ADR028 as the recovery path.
This is a protocol-operations story for Radar. The focus is how recovery governance, protocol-owned liquidity, synth-holder exposure and restart sequencing affect trust in a cross-chain liquidity protocol.
What Happened
THORChain official reporting says the exploit drained about $10.7 million from one vault, that automatic and manual halt systems controlled further activity, and that recovery would be decided through ADR-028 governance.
Current reports describe ADR028 as a node-operator vote that would use protocol-owned liquidity first before any remaining loss allocation to synthetic asset holders, with no new RUNE minting described in those reports.
The event is current because the vote and recovery path determine how the protocol moves from paused incident response toward restart. Those details let researchers compare recovery promises against the actual operating controls that resume the network.
Why It Matters
This matters for Radar because incident recovery is a protocol design test. The response shows how node operators, halt controls, POL, synth accounting and future patch releases interact under stress.
The Radar angle is different from CryptoSigy. CryptoSigy covers RUNE route risk and signal sizing; Radar covers governance mechanics, restart conditions and whether the protocol reduces the same failure mode before normal usage resumes.
Cross-chain systems are judged not only by exploits but by recovery clarity. ADR028 gives researchers a concrete process to inspect.
What To Watch Next
Watch the final vote result, implementation details and any v3.19 release path. The safest protocol signal is a recovery plan that is explicit about losses, restart conditions and cryptographic mitigation.
Also watch official warnings about claim or refund scams. Incident recovery often creates a second attack surface through fake portals and urgency-based wallet prompts.
A useful follow-up is whether THORChain publishes a deeper technical report after recovery. That would help researchers evaluate whether the GG20 failure path is fully contained.
Continue this cluster
Continue this cluster with May 23 protocol-ops items that separate exchange access, recovery governance and ecosystem design from short-term token noise.
