Skip to main content
Sign in
ThalaSwap1 decision on this page

Audit log

Every state-changing event for ThalaSwap: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-20 03:37:11Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 420,905,951
    sig
    25TqELSxkYPm…oE9WqDHfexplorer ↗
    hash
    HALS5dXKqGfB…ECj4r5FAsha256 → base58
    verifying row…full verify ↗
    canonical bytes (5565 B) ▸
    {"actor":"system:backfill","investigation_id":"9ef17dd6-b7aa-4c1a-ae5c-c52a6a15cc62","kind":"publish","page_slug":"thalaswap","published_at":"2026-05-20T03:37:11.036Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"ThalaSwap","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/177279/parafi-backs-thala-labs-6-million-raise-to-build-defi-stack-on-aptos-exclusive"},{"credibility":3,"name":"","type":"other","url":"https://defillama.com/protocol/thalaswap"},{"credibility":3,"name":"","type":"other","url":"https://www.signum.capital/blog/why-we-invested-in-thala-labs/"},{"credibility":3,"name":"","type":"other","url":"https://aptosnetwork.com/currents/ecosystem-spotlight-thala-building-defi-primitives-on-aptos"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://thalalabs.medium.com/thala-nov-15-post-mortem-5aea82bb3916"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-thala-hack-november-2024"},{"credibility":3,"name":"","type":"other","url":"https://x.com/ThalaLabs/status/1857703541089120541"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/thala-recovers-25-million-exploiter-hacker-caught"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://thalalabs.medium.com/thala-nov-15-post-mortem-5aea82bb3916"},{"credibility":3,"name":"","type":"other","url":"https://quadrigainitiative.com/casestudy/thalalabsv1farmingcontractvulnerability.php"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/thala-recovers-25-million-exploiter-hacker-caught"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://thalalabs.medium.com/thala-nov-15-post-mortem-5aea82bb3916"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/thala-recovers-25-million-exploiter-hacker-caught"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/326937/defi-protocol-thala-recovers-25-million-following-successful-hacker-negotiation"},{"credibility":3,"name":"","type":"other","url":"https://cybernews.com/crypto/hacked-crypto-project-thala-paid-to-recover-millions/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/177279/parafi-backs-thala-labs-6-million-raise-to-build-defi-stack-on-aptos-exclusive"},{"credibility":3,"name":"","type":"other","url":"https://www.signum.capital/blog/why-we-invested-in-thala-labs/"},{"credibility":3,"name":"","type":"other","url":"https://whitestarcapital.com/companies/thala-labs/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-thala-hack-november-2024"},{"credibility":3,"name":"","type":"other","url":"https://quadrigainitiative.com/casestudy/thalalabsv1farmingcontractvulnerability.php"},{"credibility":3,"name":"","type":"other","url":"https://defillama.com/protocol/thalaswap"},{"credibility":3,"name":"","type":"other","url":"https://thalalabs.medium.com/thala-nov-15-post-mortem-5aea82bb3916"}]}],"sources_used":[],"summary":"ThalaSwap is the decentralized exchange component of Thala Labs, an Aptos-based DeFi protocol offering an AMM, the Move Dollar (MOD) overcollateralized stablecoin, liquid staking, and a launchpad. On November 15, 2024, an input-validation bug introduced in a two-line patch to the v1 farming contract allowed an attacker to drain $25.5 million in liquidity pool tokens; funds were fully recovered within hours after SEAL 911 identified the exploiter via on-chain evidence and the attacker returned assets in exchange for a $300,000 bounty.","timeline":[{"date":"2022-10-25","event":"Thala Labs raises $6 million seed round co-led by ParaFi Capital, White Star Capital, and Shima Capital","source":""},{"date":"2023-04-06","event":"Thala protocol launches on Aptos mainnet; reaches $10M TVL within days","source":""},{"date":"2024-11-01","event":"Two-line patch deployed to v1 farming contract, introducing the unstake_max input-validation bug that bypassed standard security review","source":""},{"date":"2024-11-15","event":"Exploit begins at 4:46 AM PST from address 0xf7…; second larger drain completed at 7:10 AM PST from address 0x80…; total $25.5M in LP tokens stolen","source":""},{"date":"2024-11-15","event":"TVL alerts trigger at 5:12 AM PST; vulnerability identified by 7:30 AM PST; all relevant contracts paused; $11.5M in Thala assets frozen","source":""},{"date":"2024-11-15","event":"SEAL 911 and Ogle identify attacker via on-chain evidence within minutes; on-chain message sent to attacker at 9:34 AM PST","source":""},{"date":"2024-11-15","event":"Attacker agrees to return all funds by 10:13 AM PST in exchange for $300,000 protocol bounty and $40,000 personal payment; full recovery confirmed by 11:13 AM PST","source":""},{"date":"2024-11-16","event":"Thala Labs publishes post-mortem on Medium detailing root cause, timeline, and remediation steps including OtterSec re-audit and withdrawal rate limits","source":""},{"date":"2025-01-01","event":"ThalaSwap V3 (CLMM concentrated liquidity) becomes primary liquidity venue; protocol remains operational with $2.23M TVL as of mid-2026","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 085b024f-bdb6-4ca0-84eb-38ae395118b6
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.