Thala, a DeFi project in the Aptos ecosystem, published a post on X saying that app.thala.fi is now back online.
Please note that farming functionality remains suspended as a safety measure, meaning users are unable to stake/unstake until all affected modules are fixed and re-audited.
Yesterday, Thala released the latest announcement stating that due to a security vulnerability attack on the latest V1 liquidity pool contract, assets worth $25 million were stolen. Thala has currently suspended all related contracts and frozen Thala token assets (9 million USD MOD and 2.5 million USD THL). With the assistance of other institutions, it has agreed with the attacker to restore all user assets through a $300,000 bounty.
It is important to note that no further action is required by affected users and positions will be 100% restored. However, all related contracts and the Thala frontend will remain suspended until deemed fully secure. Existing positions in the CDP and LST modules are not affected. Currently, the protocol's codebase is undergoing an extensive review and re-audit of all affected and related packages.