
Hacker Returns $25.5 Million to Thala in Exchange for $300,000 Reward
On November 15, developers of the DeFi protocol Thala on Aptos recovered $25.5 million in stolen digital assets after reaching an agreement with the hacker.
Important Announcement
On November 15th 2024, Thala suffered a security breach as a result of an isolated vulnerability in the latest update to v1 farming contracts, allowing the exploiter to withdraw liquidity pool tokens totaling $25.5m.
We immediately paused all relevant…
— Thala (@ThalaLabs) November 16, 2024
The hacker received a reward of $300,000. This occurred six hours after the incident.
“Affected users do not need to take any additional actions. Their positions have been restored 100%,” assured the developers.
On November 15, a “security breach” occurred in the protocol due to an “isolated vulnerability” in the v1 smart contract.
The team immediately suspended its operation, froze assets, and identified the hacker. Law enforcement agencies, along with on-chain investigators Seal 911 and Ogle, provided support.
Details about the hacker’s identity have not been disclosed.
Later, developers restored access to Thala’s frontend.
https://t.co/MKDLRgDfwy is now back live.
Please note that farming functionalities remain paused for security measures, meaning that users are unable to stake/unstake positions until all affected modules are patched and reaudited.
— Thala (@ThalaLabs) November 17, 2024
Farming and staking capabilities were blocked until the completion of “extensive monitoring” and a re-audit of the code.
Subsequently, full functionality was restored. The team promised to share details on Discord.
Access to Swap, CDP and LST modules is live and fully functional. For any questions, please join the community discord: https://t.co/DlYJy3kpz4
— Thala (@ThalaLabs) November 17, 2024
Thala CEO Adam Kader highlighted the advantages of Aptos in such incidents.
Some thoughts on Move after yesterday's incident and successful recovery (long form):
Move by itself doesn’t make all complex business operations in smart contracts perfect by default but instead provides a developer environment that eliminates a lot of the common issues from…
— Adam (@adammoves_) November 16, 2024
“The built-in features of the Move programming language treat coins as real assets. The freezing and burning options allowed for the almost instantaneous recovery of 50% of Thala’s assets. […] As tools like AI threat detection, heuristic transaction monitoring, insurance, on-chain KYC and filtering improve, Move-based networks will continue to be the best place to store capital,” he noted.
After the incident, the THL token fell by ~35%, to $0.51, before recovering a third of its losses.

The project’s TVL decreased from $234.4 million on November 15 to $198.5 million.

In October, PeckShield estimated the losses of crypto projects due to 20 hacks at $88 million, while Immunefi reported $55.1 million.