DeFi protocol Thala recovers $25 million following successful hacker negotiation
Quick Take The DeFi protocol Thala successfully recovered over $25 million drained from its liquidity pools by a hacker after a successful negotiation led the hacker to accept a $300,000 bug bounty, the protocol announced. The Aptos-based protocol, which paused certain operations, is now reviewing and re-auditing its codebase.
The Aptos-based decentralized protocol Thala suffered an exploit on Friday that saw a hacker drain about $25.5 million in tokens from its liquidity pools.
Luckily, with the help of theft recovery groups SEAL 911 and Ogle Security Group, Thala was able to negotiate with the hacker for the return of the funds in exchange for a $300,000 bug bounty, the protocol announced on X.
"Affected users require no further action, and positions will be made 100% whole. However, all relevant contracts and the Thala frontend will remain paused until deemed to be fully secure," the protocol stated .
A member of SEAL 911 said the recovery was surprisingly straightforward after the group made contact with the hacker.
"[SEAL 911] identified the white hat hacker within minutes (i.e. name, location etc.) due to obvious onchain links. Fortunately, the white hat hacker reached out themselves a little bit later and returned the funds minus a bounty themselves," SEAL 911 member @pcaversaccio said. "It was a very easy win in that case, since no real negotiation was needed."
Thala Labs provides an automated market maker and a yield-bearing stablecoin for the Aptos ecosystem known as the Move Dollar (MOD), named after Aptos' programming language. The protocol has the fourth-highest total value locked (TVL) of any DeFi protocol on Aptos, according to DefiLlama data . The hacker stole $9 million worth of MOD tokens and $2.5 million worth of Thala's native governance token, THL, which the protocol was able to freeze.
While the protocol recently announced its ThalaSwap V2 product , the vulnerability was in the protocol's v1 contracts.
"Thala was lucky in this case nonetheless to have had a good guy to return the funds," @pcaversaccio said. "I want to emphasize: very lucky."
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Chainlink ‘god candle’ appears as LINK price soars 27% in 24 hours
South Korea's martial law is the first since 1980
British government: will "closely monitor" the situation in South Korea
CryptoQuant founder Ki Young Ju says he will delete his previous tweet asking for help from Musk