VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
The Aptos-based DeFi project Thala suffered a security breach as a result of an isolated vulnerability in the latest update to v1 farming contracts, allowing the exploiter to withdraw liquidity pool tokens totaling $25.5m. Thala has since paused all related contracts and frozen Thala token assets ($9m MOD and $2.5m THL). With the assistance of other organizations, the team identified the exploiter and negotiated a $300k bounty for a full recovery of user assets. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 25,500,000.
Primary source
https://x.com/thalalabs/status/1857703541089120541?s=46&t=bcMyidYO0QkS5ajIW9CBdg ↗Sourced from
slowmist
Technical record
- chain
- aptos
- protocol
- Thala
- bug_class
- logic
- date_occurred
- 2024-11-15
- loss_usd
- $25,500,000
- source_id
- sm:thala::2024-11-15
Related — same bug class· logic