- The DeFi protocol Thala recovered over $25 million that had been stolen from its liquidity pools, following a negotiation in which the hacker accepted a $300,000 bug bounty, the protocol revealed.
- The Aptos-based protocol is now reexamining and auditing its codebase after pausing some operations.
On Friday, a hacker exploited Thala, a decentralized protocol based on Aptos, and took more than $25.5 million worth of tokens out of its liquidity pools.
Fortunately, with the assistance of theft recovery organizations SEAL 911 and Ogle Security Group, Thala was able to work with the hacker to get the money back in exchange for a $300,000 bug bounty, the protocol revealed on X.
Positions will be restored in full (100%), and impacted users don’t need to take any additional action. The Thala frontend and all pertinent contracts, however, will remain paused until they are judged completely secure.
After contacting the hacker, a SEAL 911 member said that the recovery was remarkably simple.
Due to clear onchain ties, [SEAL 911] was able to identify the white hat hacker in a matter of minutes, including name, location, and other details. Thankfully, the white hat hacker got in touch with them a little later and gave back the money, less a bounty, according to SEAL 911 member @pcaversaccio. Since there was no actual negotiation required, it was a fairly simple victory in that instance.
The Move Dollar (MOD), which is named after the programming language used by Aptos, is a yield-bearing stablecoin and automated market maker offered by Thala Labs for the Aptos ecosystem. Based on DefiLlama data, the protocol has the fourth-highest total value locked (TVL) of any DeFi protocol on Aptos. In addition to $2.5 million worth of Thala’s native governance token, THL, which the protocol was able to freeze, the hacker took $9 million worth of MOD tokens.
The vulnerability existed in the protocol’s v1 contracts, although the protocol recently revealed its ThalaSwap V2 product.
“Thala was lucky in this case nonetheless to have had a good guy to return the funds,” @pcaversaccio stated. “I want to emphasize: very lucky.”