{"id":18680,"date":"2024-11-18T14:41:23","date_gmt":"2024-11-18T12:41:23","guid":{"rendered":"https:\/\/forklog.com\/en\/hacker-returns-25-5-million-to-thala-in-exchange-for-300000-reward\/"},"modified":"2024-11-18T14:41:23","modified_gmt":"2024-11-18T12:41:23","slug":"hacker-returns-25-5-million-to-thala-in-exchange-for-300000-reward","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hacker-returns-25-5-million-to-thala-in-exchange-for-300000-reward\/","title":{"rendered":"Hacker Returns $25.5 Million to Thala in Exchange for $300,000 Reward"},"content":{"rendered":"<p>On November 15, developers of the DeFi protocol Thala on Aptos recovered $25.5 million in stolen digital assets after reaching an agreement with the hacker.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Important Announcement<\/p>\n<p>On November 15th 2024, Thala suffered a security breach as a result of an isolated vulnerability in the latest update to v1 farming contracts, allowing the exploiter to withdraw liquidity pool tokens totaling $25.5m. <\/p>\n<p>We immediately paused all relevant\u2026<\/p>\n<p>\u2014 Thala (@ThalaLabs) <a href=\"https:\/\/twitter.com\/ThalaLabs\/status\/1857703541089120541?ref_src=twsrc%5Etfw\">November 16, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The hacker received a reward of $300,000. This occurred six hours after the incident.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\n<cite>\u201cAffected users do not need to take any additional actions. Their positions have been restored 100%,\u201d assured the developers.<\/cite><\/p><\/blockquote>\n<p>On November 15, a \u201csecurity breach\u201d occurred in the protocol due to an \u201cisolated vulnerability\u201d in the v1 smart contract.<\/p>\n<p>The team immediately suspended its operation, froze assets, and identified the hacker. Law enforcement agencies, along with on-chain investigators Seal 911 and Ogle, provided support.<\/p>\n<p>Details about the hacker&#8217;s identity have not been disclosed.<\/p>\n<p>Later, developers restored access to Thala&#8217;s frontend.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/t.co\/MKDLRgDfwy\">https:\/\/t.co\/MKDLRgDfwy<\/a> is now back live.<\/p>\n<p>Please note that farming functionalities remain paused for security measures, meaning that users are unable to stake\/unstake positions until all affected modules are patched and reaudited.<\/p>\n<p>\u2014 Thala (@ThalaLabs) <a href=\"https:\/\/twitter.com\/ThalaLabs\/status\/1858033047666569391?ref_src=twsrc%5Etfw\">November 17, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Farming and staking capabilities were blocked until the completion of \u201cextensive monitoring\u201d and a re-audit of the code.<\/p>\n<p>Subsequently, full functionality was restored. Details were promised to be revealed on Discord.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\">\n<p lang=\"en\" dir=\"ltr\">Access to Swap, CDP and LST modules is live and fully functional. For any questions, please join the community discord: <a href=\"https:\/\/t.co\/DlYJy3kpz4\">https:\/\/t.co\/DlYJy3kpz4<\/a><\/p>\n<p>\u2014 Thala (@ThalaLabs) <a href=\"https:\/\/twitter.com\/ThalaLabs\/status\/1858033048706757115?ref_src=twsrc%5Etfw\">November 17, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Thala CEO Adam Kader highlighted the advantages of Aptos in such incidents.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Some thoughts on Move after yesterdays incident and successful recovery (long form):<\/p>\n<p>Move by itself doesn\u2019t make all complex business operations in smart contracts perfect by default but instead provides a developer environment that eliminates a lot of the common issues from\u2026<\/p>\n<p>\u2014 Adam (@adammoves_) <a href=\"https:\/\/twitter.com\/adammoves_\/status\/1857858908670279848?ref_src=twsrc%5Etfw\">November 16, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cThe built-in features of the Move programming language treat coins as real assets. The freezing and burning options allowed for the almost instantaneous recovery of 50% of Thala&#8217;s assets. [\u2026] As tools like AI threat detection, heuristic transaction monitoring, insurance, on-chain <span data-descr=\"know your customer\" class=\"old_tooltip\">KYC<\/span> and filtering improve, Move-based networks will continue to be the best place to store capital,\u201d<\/em> he noted.<\/p>\n<\/blockquote>\n<p>Since the incident, the THL token <a href=\"https:\/\/www.coingecko.com\/en\/coins\/thala\">fell in price by ~35%, to $0.51<\/a>, before recovering a third of the losses.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/forklog.com\/wp-content\/uploads\/1-1305.webp\" alt=\"1-1305\" class=\"wp-image-245465\"\/><figcaption class=\"wp-element-caption\">Data: CoinGecko.<\/figcaption><\/figure>\n<\/div>\n<p>The project&#8217;s <span data-descr=\"total value locked\" class=\"old_tooltip\">TVL<\/span> decreased from $234.4 million on November 15 <a href=\"https:\/\/defillama.com\/protocol\/thala\">to $198.5 million<\/a>.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/forklog.com\/wp-content\/uploads\/2-945.webp\" alt=\"2-945\" class=\"wp-image-245466\"\/><figcaption class=\"wp-element-caption\">Data: DeFi Llama.<\/figcaption><\/figure>\n<p>In October, PeckShield estimated the losses of crypto projects due to 20 hacks at $88 million, while Immunefi reported $55.1 million.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On November 15, developers of the DeFi protocol Thala on Aptos recovered $25.5 million in stolen digital assets after reaching an agreement with the hacker. Important Announcement On November 15th 2024, Thala suffered a security breach as a result of an isolated vulnerability in the latest update to v1 farming contracts, allowing the exploiter to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":18679,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1393,44,1093],"class_list":["post-18680","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-aptos-apt","tag-cybercrime","tag-defi"],"aioseo_notices":[],"amp_enabled":true,"views":"70","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/18680","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=18680"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/18680\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/18679"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=18680"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=18680"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=18680"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}