Thala, a DeFi project in the Aptos ecosystem, released a new announcement stating that the latest V1 liquidity pool contract was attacked by a security vulnerability, resulting in the theft of assets worth $25 million. Thala has currently suspended all related contracts and frozen Thala token assets (9 million USD MOD and 2.5 million USD THL). With the assistance of other institutions, it has agreed with the attacker to restore all user assets through a $300,000 bounty.
It is important to note that no further action is required by affected users and positions will be restored 100% intact. However, all related contracts and the Thala frontend will remain suspended until deemed fully secure. Existing positions in the CDP and LST modules are not affected. The protocol's codebase is currently undergoing an extensive review and re-audit of all affected and related packages. We will share more details soon. #pepe