- DeFi platform Thala has recovered more than $25 million it had lost to a hacker
- Thala recovered the funds after working with law enforcement agencies
- The hacker agreed to take $300,000 as a bounty
DeFi protocol Thala has disclosed that it recovered all the funds hacked from the protocol on November 15, adding that it offered $300,000 as a bounty. Thala said that it worked with law enforcement agencies and blockchain sleuths to track the funds and reveal the malicious actor’s identity cornering the hacker to take a bounty and return the funds within six hours after the incident. The platform has resumed some of its services and promised to make all users whole again, something that will help maintain users’ confidence.
No Further Action Required
In an X post, Thala revealed that the attacker compromised the platform using a vulnerability in its recent update of farming contracts. The hacker siphoned $25.5 million from liquidity pools. The platform noted that affected users “require no further action,” adding that funds drained from the pools will be automatically returned and “positions will be made 100% whole.”
Important Announcement
On November 15th 2024, Thala suffered a security breach as a result of an isolated vulnerability in the latest update to v1 farming contracts, allowing the exploiter to withdraw liquidity pool tokens totaling $25.5m.
We immediately paused all relevant…
— Thala (@ThalaLabs) November 16, 2024
In its latest update, Thala disclosed that farming functionalities remain paused making it impossible for users to open or close positions. The pause will continue until the platform completes reauditing and fixing the vulnerability.
https://t.co/MKDLRgDfwy is now back live.
Please note that farming functionalities remain paused for security measures, meaning that users are unable to stake/unstake positions until all affected modules are patched and reaudited.
— Thala (@ThalaLabs) November 17, 2024
Not All Hackers Accept a Bug Bounty
The bounty paid to the attacker is more than the usual 10% offered to hackers. Thala, however, isn’t the first DeFi platform to provide a higher bug bounty. Last month, DeFi protocol Tapioca DAO offered more than 20% to an attacker who had siphoned $4.7 million from the platform.
A bounty doesn’t guarantee that a hacker will return funds. In February, the PlayDapp hacker refused to accept a $1 million bounty, forcing the platform to consider moving the project to a new contract.
With Thala offering a higher bounty, it remains to be seen whether DeFi hackers will demand a higher bounty in exchange for stolen funds.i
