Thala Protocol quickly identified the exploiter, recovering $25.5M in stolen assets after a security breach in November 2024.
Thala reassured users that positions would be made whole and paused contracts for security following the attack.
WazirX's hack led to the arrest of a suspect, but the investigation faces challenges due to non-cooperation from WazirX's security firm.
Thala, a decentralized finance protocol, suffered a security compromise on November 15, 2024. A vulnerability in the latest update to its v1 farming contracts allowed an attacker to withdraw $25.5 million worth of liquidity pool tokens.
The breach prompted Thala to immediately halt all affected contracts and freeze assets, including $9 million in MOD tokens and $2.5 million in THL tokens. With law enforcement’s help, Thala quickly identified the exploiter and negotiated a $300,000 bounty in exchange for the return of all user assets.
https://twitter.com/ThalaLabs/status/1857703541089120541 Exploiter Identified and Assets Recovered
Following the breach, Thala assured its users that no further action was required on their part. The platform’s team emphasized that all positions would be made 100% whole. However, Thala paused all relevant contracts and the frontend interface to ensure security measures were solidified.
The ongoing codebase review and re-audit of affected packages will take place, and updates will follow as soon as the system is deemed fully secure. In the meantime, Thala users’ positions across the CDP and LST modules remain unaffected by the breach.
WazirX Hack Leads to Arrest in India
Masud Alam, a suspect connected to the WazirX breach, was recently taken into custody by Delhi police in another cryptocurrency-related crime. Alam is charged with participating in the earlier this year theft of at least $230 million worth of cryptocurrencies from the WazirX platform. Alam allegedly made a fake account on WazirX and sold it to someone else on Telegram, which led to the hack. This account was later used to breach the exchange and access its wallets.
According to the police investigation, the cybercriminals tried to access WazirX's more secure "cold" wallet after draining its "hot" wallet, which manages transactions. The company in charge of protecting WazirX's wallets, Liminal Custody, allegedly declined to assist with the investigation in spite of these attempts. This lack of collaboration has made it more difficult for law enforcement to successfully track down the stolen assets.
Continued Investigation and WazirX's Response
Following the WazirX breach, the company released a statement claiming that despite the attackers bypassing security measures, customer assets remained secure. WazirX also emphasized that its infrastructure had not been disrupted.
However, local police seized laptops from the platform as part of their investigation into potential misuse of WazirX's multi-signature wallets. Consequently, the investigation continues, with further updates expected in the coming weeks.
The post Thala Protocol Faces Security Breach, Recovers $25.5M in Stolen Funds appeared first on Crypto News Land.