DeFi protocol Thala recovers $25 million following successful hacker negotiation

The Aptos-based decentralized protocol Thala suffered an exploit on Friday that saw a hacker drain about $25.5 million in tokens from its liquidity pools. 

Luckily, with the help of theft recovery groups SEAL 911 and Ogle Security Group, Thala was able to negotiate with the hacker for the return of the funds in exchange for a $300,000 bug bounty, the protocol announced on X. 

"Affected users require no further action, and positions will be made 100% whole. However, all relevant contracts and the Thala frontend will remain paused until deemed to be fully secure," the protocol stated . 

A member of SEAL 911 said the recovery was surprisingly straightforward after the group made contact with the hacker. 

"[SEAL 911] identified the white hat hacker within minutes (i.e. name, location etc.) due to obvious onchain links. Fortunately, the white hat hacker reached out themselves a little bit later and returned the funds minus a bounty themselves," SEAL 911 member @pcaversaccio said. "It was a very easy win in that case, since no real negotiation was needed." 

Thala Labs provides an automated market maker and a yield-bearing stablecoin for the Aptos ecosystem known as the Move Dollar (MOD), named after Aptos' programming language. The protocol has the fourth-highest total value locked (TVL) of any DeFi protocol on Aptos, according to DefiLlama data . The hacker stole $9 million worth of MOD tokens and $2.5 million worth of Thala's native governance token, THL, which the protocol was able to freeze. 

While the protocol recently announced its ThalaSwap V2 product , the vulnerability was in the protocol's v1 contracts.

"Thala was lucky in this case nonetheless to have had a good guy to return the funds," @pcaversaccio said. "I want to emphasize: very lucky."