On November 15, 2024, Thala Labs, a decentralized finance protocol on the Aptos blockchain, faced a significant security breach, resulting in $25.5 million in liquidity pool tokens being stolen.
The Attack and Immediate Actions
The hack was due to an isolated vulnerability in its v1 mining contract, allowing the attacker to withdraw funds. Thanks to swift responses and the assistance of law enforcement, the crypto community, and specialized recovery groups, Thala managed to recover $25 million of the stolen funds just six hours after the exploit. All relevant contracts were paused, and $11.5 million in Thala-associated assets, including $9 million in Move Dollars (MOD) and $2.5 million in THL, were frozen. Affected users were informed that their positions would be fully restored without requiring any action.
Recovery Process and Negotiation
With the help of Seal 911 and Ogle, Thala quickly identified the hacker. A representative of Seal 911 stated that the hacker was tracked down easily due to obvious on-chain links, and the hacker contacted them willingly to negotiate the return of the stolen funds. In exchange for returning the assets, the hacker was given a $300,000 bounty. The stolen funds were returned just hours after the incident.
What is Thala?
Thala Labs offers automated market making and the yield-bearing stablecoin Move Dollar (MOD) within the Aptos ecosystem. Named after Aptos' programming language, MOD is designed to provide liquidity and stable yields for DeFi users. The protocol recently launched ThalaSwap V2, but the hack was due to a vulnerability within the older v1 contracts.
Thala Labs' incident is part of a growing trend in cryptocurrency security threats. The company is undertaking all efforts to rebuild trust and ensure future safety through comprehensive code reviews and audits. Despite success in recovering the stolen funds, incidents like this continue to pose significant risks to decentralized protocols.
