Thala Labs, a decentralized finance firm, has successfully recovered $25.5 million in liquidity pool tokens from its v1 farming contracts.
Thala disclosed in a post on Nov. 16 that it had experienced a “security breach” on Nov. 15 due to an “isolated vulnerability” in its v1 farming contracts. This vulnerability enabled the hacker to extract liquidity tokens.
Thala stated that it rapidly identified the perpetrator, halted all pertinent contracts, and froze $11.5 million in Thala-related assets.
Thala stated, “We were able to promptly identify the exploiter with the assistance of law enforcement, Seal 911, Ogle, and others.”
Thala reported that they were awarded a $300,000 bounty in exchange for the complete return of user assets. At the same time, crypto sleuth Ogle stated that the intruder returned the funds six hours after the incident. There was no disclosure of the attacker’s identity.
Thala emphasized that “affected users will not require any additional action, and their positions will be fully restored.”
Thala’s front end is now accessible. Subsequently, Thala will implement an “extensive review” and re-audit the protocol’s codebase, rendering users incapable of staking and unstaking positions.
According to Thala’s CEO, Adam Cader, the assault was related to integrating Thala with Move, a network of modular blockchains developed by Movement Labs, as mentioned in a post on X on Nov. 16.
“It’s inevitable some security issues may happen in the future on Move, but why we’re all building here is for these to occur at a far far less frequency and severity and trend to 0 over time as adjacent tooling gets stronger.”
The Thala platform is one of the most prominent DeFi platforms on the Aptos layer-1 blockchain.
CoinGecko reports that the THL token has experienced a 35% decline to $0.51 since the incident.
In the exploit, approximately $2.5 million in THL tokens were stolen, while an additional $9 million was obtained from Thala’s Move Dollar (MOD) stablecoin.
DefiLlama data indicates that the total value of Thala has decreased from $240 million on Nov. 15 to $195.6 million at the time of writing.
According to CertiK, a blockchain security firm, exploits were responsible for nearly $130 million theft from victims in October.
The lending protocol Radiant Capital experienced the most significant incident in October, resulting in a loss of approximately $54 million.
According to Hacken, a cybersecurity corporation, approximately $460 million was stolen from hackers in 28 incidents during the preceding three months of Q3 2024.
