Man
Professional
- Messages
- 3,108
- Reaction score
- 670
- Points
- 113
The hacker almost left with the money, but at the last moment the unexpected happened...
Thala has successfully recovered $25.5 million of stolen user funds after a cyberattack. As a result of operational negotiations with the hacker, it was possible to restore all assets.
The Thala project, known for its decentralized finance platform in the Move programming language, confirmed that the incident occurred on November 15 due to a vulnerability in the v1 contract update for farming. The exploit allowed the attacker to withdraw $25.5 million from liquidity pools, after which the platform suspended all related contracts and froze $11.5 million worth of tokens.
During the investigation, Thala engaged law enforcement agencies, as well as specialists from Seal 911 and Ogle to establish the identity of the attacker. As a result, a ransom of $300,000 was agreed, which made it possible to return the stolen assets and guarantee full compensation to the affected users.
Thala stressed that users do not need to take additional action - their positions will be fully restored. However, all contracts and the platform interface will remain frozen until a full security review.
To ensure reliability, Thala Labs will re-audit all code and all affected modules to avoid similar incidents in the future. All existing positions for CDP and LST modules remained intact and continue to operate normally.
Launched on the Ethereum blockchain's Layer 2 in March this year, the platform has previously established itself as a robust DeFi project, offering users the ability to borrow Move Dollar and provide liquidity through an automated market maker.
Now the developers continue to actively analyze their systems to improve security and promise to publish additional updates as all checks are completed.
Source
Thala has successfully recovered $25.5 million of stolen user funds after a cyberattack. As a result of operational negotiations with the hacker, it was possible to restore all assets.
The Thala project, known for its decentralized finance platform in the Move programming language, confirmed that the incident occurred on November 15 due to a vulnerability in the v1 contract update for farming. The exploit allowed the attacker to withdraw $25.5 million from liquidity pools, after which the platform suspended all related contracts and froze $11.5 million worth of tokens.
During the investigation, Thala engaged law enforcement agencies, as well as specialists from Seal 911 and Ogle to establish the identity of the attacker. As a result, a ransom of $300,000 was agreed, which made it possible to return the stolen assets and guarantee full compensation to the affected users.
Thala stressed that users do not need to take additional action - their positions will be fully restored. However, all contracts and the platform interface will remain frozen until a full security review.
To ensure reliability, Thala Labs will re-audit all code and all affected modules to avoid similar incidents in the future. All existing positions for CDP and LST modules remained intact and continue to operate normally.
Launched on the Ethereum blockchain's Layer 2 in March this year, the platform has previously established itself as a robust DeFi project, offering users the ability to borrow Move Dollar and provide liquidity through an automated market maker.
Now the developers continue to actively analyze their systems to improve security and promise to publish additional updates as all checks are completed.
Source
