Decentralized finance firm Thala has restarted operations a day after the protocol’s liquidity pools were exploited for roughly $25.5 million.
In a Nov. 17 X post, Thala notified users that all its offerings have been restored, except its staking service, which is being “patched and audited.”
The announcement comes a day after the protocol disclosed it was the victim of a security breach on Nov. 15, which allowed a bad actor to withdraw large sums of its liquidity tokens. Reportedly, the isolated issue stemmed from the protocol’s v1 farming contracts, where a vulnerability was introduced after a recent update.
According to Thala, all services were suspended immediately after the breach was flagged, and the protocol managed to freeze $11.5 million worth of Thala-related assets, including the protocol’s native THL token and the Move Dollar (MOD).
This was possible due to the Move programming language, which underpins the Aptos blockchain on which Thala operates. Move treats digital assets as first-class resources and includes native functions like freeze and burn.
To recover the remaining funds, Thala worked with SEAL 911, a cohort of DeFi security experts, and Ogle, an on-chain investigator, along with law enforcement to track down the hacker behind the incident. The hacker agreed to return all user assets in exchange for a $300,000 bounty.
Thala has assured users that all positions will be made “100% whole,” and no action is required on their part.
Presently, the total value locked in Thala has dropped from $234 million to $196 million, while THL was down over 31% since the incident.
This is one of the many attacks targeted towards decentralized protocols in recent months. On Oct. 16, DeFi lender Radiant Capital was drained of roughly $50 million after attackers exploited a backdoor contract.
In a September incident, Bedrock, a staking protocol, lost an estimated $2 million in digital assets due to a bug that allowed cyber thieves to drain funds from the protocol’s liquidity pools.
According to blockchain security firm PeckSheild, around $88.4 million was lost in October via crypto hacks, while total on-chain losses surged to $181 million.
