Thala protocol resumes operations after $25.5m exploit

crypto.news · 2024-11-17T23:25:14+00:00

Decentralized finance (DeFi) firm Thala is now operational after suffering an attack that saw hackers withdraw around $25.5m from its liquidity pools. After working with DeFi security experts and on-chain investigators, Thala managed to freeze $11.5m worth of Thala-related assets and recover the remaining funds by agreeing to pay a hacker's $300,000 bounty. All positions for users will reportedly be made "100% whole". Total value locked in Thala has fallen from $234m to $196m after the attack. DeFi protocols have become a target for hackers in recent months, with the sector becoming the largest victim of crypto-hacking during October.

crypto.news

2024-11-17 23:25:14

Abstract generation in progress

Decentralized finance firm Thala has restarted operations a day after the protocol’s liquidity pools were exploited for roughly $25.5 million.

In a Nov. 17 X post, Thala notified users that all its offerings have been restored, except its staking service, which is being “patched and audited.”

The announcement comes a day after the protocol disclosed it was the victim of a security breach on Nov. 15, which allowed a bad actor to withdraw large sums of its liquidity tokens. Reportedly, the isolated issue stemmed from the protocol’s v1 farming contracts, where a vulnerability was introduced after a recent update.

According to Thala, all services were suspended immediately after the breach was flagged, and the protocol managed to freeze $11.5 million worth of Thala-related assets, including the protocol’s native THL token and the Move Dollar (MOD).

This was possible due to the Move programming language, which underpins the Aptos blockchain on which Thala operates. Move treats digital assets as first-class resources and includes native functions like freeze and burn.

To recover the remaining funds, Thala worked with SEAL 911, a cohort of DeFi security experts, and Ogle, an on-chain investigator, along with law enforcement to track down the hacker behind the incident. The hacker agreed to return all user assets in exchange for a $300,000 bounty.

Thala has assured users that all positions will be made “100% whole,” and no action is required on their part.

Presently, the total value locked in Thala has dropped from $234 million to $196 million, while THL was down over 31% since the incident.

This is one of the many attacks targeted towards decentralized protocols in recent months. On Oct. 16, DeFi lender Radiant Capital was drained of roughly $50 million after attackers exploited a backdoor contract.

In a September incident, Bedrock, a staking protocol, lost an estimated $2 million in digital assets due to a bug that allowed cyber thieves to drain funds from the protocol’s liquidity pools.

According to blockchain security firm PeckSheild, around $88.4 million was lost in October via crypto hacks, while total on-chain losses surged to $181 million.

THL0,35%

THE-1,14%

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.