Thala Protocol Exploit
The Aptos-based decentralized protocol Thala faced an exploit on Friday, resulting in a hacker draining approximately $25.5 million in tokens from its liquidity pools.
Fortunately, with assistance from theft recovery groups SEAL 911 and Ogle Security Group, Thala successfully negotiated the return of the funds. The hacker returned the stolen assets in exchange for a $300,000 bug bounty, as announced by the protocol on X.
Affected Users
Affected users need to take no further action, and positions will be fully restored. However, all relevant contracts and the Thala frontend remain paused until security is ensured.
Recovery Process
A member of SEAL 911 noted that the recovery was surprisingly simple after they contacted the hacker.
> “SEAL 911 identified the white hat hacker within minutes due to clear on-chain links. Thankfully, the white hat hacker later reached out and returned the funds, minus a bounty,” said SEAL 911 member @pcaversaccio. “It was a straightforward case, with no real negotiations required.”
About Thala Labs
Thala Labs offers an automated market maker and a yield-bearing stablecoin for the Aptos ecosystem, known as the Move Dollar (MOD), named after Aptos’ programming language. The protocol ranks fourth in total value locked (TVL) among DeFi protocols on Aptos, according to DeFiLlama data. The hacker managed to steal $9 million worth of MOD tokens along with $2.5 million worth of Thala’s native governance token, THL, which the protocol has since frozen.
Recently, Thala announced its ThalaSwap V2 product, although the vulnerability existed in the protocol's version 1 contracts.
“Thala was fortunate to have a good actor return the funds,” emphasized @pcaversaccio. “I want to highlight: it was very lucky.”