Thala recovers $25.5M in crypto caused by v1 farming vulnerability
Decentralized finance firm Thala Labs has recovered $25.5 million of liquidity pool tokens stolen from one of its farming contracts after the hacker was quickly tracked down by law enforcement and crypto sleuths.
In a post on Nov. 16, Thala revealed it had suffered a “security breach” on Nov. 15 due to an “isolated vulnerability related to its v1 farming contracts, which allowed the hacker to withdraw liquidity tokens.
Thala said it immediately paused all relevant contracts and froze $11.5 million worth of Thala-related assets, and was able to quickly identify the hacker.
“With the help of law enforcement, Seal 911, Ogle, and others, we were able to quickly identify the exploiter,” Thala said.
The hacker handed the funds back 6 hours after the incident, crypto sleuth Ogle said , while Thala said they were given a $300,000 bounty in exchange for the full return of user assets. Details of the attacker’s identity weren’t disclosed.
Thala stressed that “affected users require no further action, and positions will be made 100% whole.”
Source: Thala Labs
Access to Thala’s front end is live again. However, farming is still paused and users are unable to stake and unstake positions until Thala conducts an “extensive review” and re-audit of the protocol’s codebase.
The attack involved Thala’s integration with Move, a network of modular blockchains built by Movement Labs, Thala’s CEO Adam Cader noted in a Nov. 16 X post.
“It’s inevitable some security issues may happen in the future on Move, but why we’re all building here is for these to occur at a far far less frequency and severity and trend to 0 over time as adjacent tooling gets stronger.”
Thala is one of the most prominent DeFi platforms on the Aptos layer-1 blockchain.
The THL token has tanked about 35% to $0.51 since the incident occurred, according to CoinGecko.
About $2.5 million worth of THL tokens were stolen in the exploit, while another $9 million came from Thala’s Move Dollar (MOD) stablecoin.
Related: M2 crypto exchange hacked for $13M, user funds already restored
Meanwhile, the total value locked on Thala fell from $240 million on Nov. 15 to $195.6 million at the time of writing, DefiLlama data shows.
Thala protocol’s change in TVL since April 2023. Source: DeFiLlama
Nearly $130 million was snatched from victims in October, with the bulk coming from exploits, blockchain security firm CertiK reported.
The biggest incident in October involved lending protocol Radiant Capital, which lost around $54 million.
About $460 million was stolen from hackers across 28 incidents in the preceding three months in Q3 2024, according to cybersecurity company Hacken.
Magazine: Meet the hackers who can help get your crypto life savings back
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Court extends pretrial detention of Tornado Cash developer Pertsev
ICP breaks through $11
Jensen Huang: AI factories and digital intelligence will gradually emerge
Court prolongs Tornado Cash developer Pertsev’s pre-trial detention