THORChain operates by delegating a large number of small transactions to nodes that each hold their own hot wallet called "Yggdrasil" that is constantly topped up.
Node operators know their Yggdrasil wallet private key. To prevent theft, the Yggdrasil wallet is monitored for outbounds and any unauthorised outbounds results in a bond fine of 1.5x stolen.
A vulnerability exists where an attacker can replace legitimate outbounds in the mempool with nefarious non-observable transactions resulting in theft from SWAP/WITHDRAW recipients (customers).