Thala Labs Recovered All Stolen Funds
Decentralised finance firm Thala Labs successfully recovered $25.5 million in liquidity pool tokens stolen from one of its farming contracts, thanks to efforts by law enforcement and crypto investigators.
On 16 November, Thala disclosed a "security breach" that occurred the previous day, citing an "isolated vulnerability" in its v1 farming contracts that allowed a hacker to exploit and withdraw liquidity tokens.
In response, Thala immediately paused affected contracts and froze $11.5 million in assets linked to the breach.
Important Announcement
On November 15th 2024, Thala suffered a security breach as a result of an isolated vulnerability in the latest update to v1 farming contracts, allowing the exploiter to withdraw liquidity pool tokens totaling $25.5m.
We immediately paused all relevant…
— Thala (@ThalaLabs) November 16, 2024
Thala noted:
“With the help of law enforcement, Seal 911, Ogle, and others, we were able to quickly identify the exploiter.”
The hacker, identified through investigative efforts, returned the stolen funds within six hours of the incident, according to crypto sleuth Ogle.
$25m stolen, $25m recovered, in less than 6 hours
I'm proud to have gotten to work on the negotiations here with the team at Thala, and I'm glad the exoloiter made the right choice so quickly. Good day for everyone involved. 🦾 https://t.co/FWLXI7OCJY
— ogle | glue.net (@cryptogle) November 16, 2024
Thala negotiated a $300,000 bounty to ensure the full recovery of user assets.
While the attacker's identity remains undisclosed, Thala assured users that all affected accounts will be fully restored, requiring no further action from them.
Thala Back Online But Farming Paused for Security Reasons
Thala has restored access to its front-end platform, but farming activities remain paused.
Users are unable to stake or unstake positions while the protocol undergoes an "extensive review" and re-audit of its codebase.
https://t.co/MKDLRgDfwy is now back live.
Please note that farming functionalities remain paused for security measures, meaning that users are unable to stake/unstake positions until all affected modules are patched and reaudited.
— Thala (@ThalaLabs) November 17, 2024
The breach, which affected Thala’s integration with Move, a modular blockchain network developed by Movement Labs, was detailed by CEO Adam Cader in a 16 November X (formerly known as Twitter) post.
Some thoughts on Move after yesterdays incident and successful recovery (long form):
Move by itself doesn’t make all complex business operations in smart contracts perfect by default but instead provides a developer environment that eliminates a lot of the common issues from…
— Adam (@adammoves_) November 16, 2024
As one of the leading DeFi platforms on the Aptos layer-1 blockchain, Thala has faced significant challenges following the attack.
Since the incident, the price of the THL token has dropped by around 35%, falling to $0.51 before making a slight recovery to $0.6116, a 2.97% increase in the last 24 hours according to CoinMarketCap.
Over the past week, the token has decreased by 26.05%.
The exploit resulted in the theft of $2.5 million worth of THL tokens and $9 million from Thala's Move Dollar (MOD) stablecoin.
Additionally, Thala’s total value locked (TVL) has decreased from $240 million on 15 November to $196.86 million at the time of writing, according to DefiLlama data.