Verify a decision

{"actor":"system:backfill","investigation_id":"9ef17dd6-b7aa-4c1a-ae5c-c52a6a15cc62","kind":"publish","page_slug":"thalaswap","published_at":"2026-05-20T03:37:11.036Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"ThalaSwap","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/177279/parafi-backs-thala-labs-6-million-raise-to-build-defi-stack-on-aptos-exclusive"},{"credibility":3,"name":"","type":"other","url":"https://defillama.com/protocol/thalaswap"},{"credibility":3,"name":"","type":"other","url":"https://www.signum.capital/blog/why-we-invested-in-thala-labs/"},{"credibility":3,"name":"","type":"other","url":"https://aptosnetwork.com/currents/ecosystem-spotlight-thala-building-defi-primitives-on-aptos"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://thalalabs.medium.com/thala-nov-15-post-mortem-5aea82bb3916"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-thala-hack-november-2024"},{"credibility":3,"name":"","type":"other","url":"https://x.com/ThalaLabs/status/1857703541089120541"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/thala-recovers-25-million-exploiter-hacker-caught"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://thalalabs.medium.com/thala-nov-15-post-mortem-5aea82bb3916"},{"credibility":3,"name":"","type":"other","url":"https://quadrigainitiative.com/casestudy/thalalabsv1farmingcontractvulnerability.php"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/thala-recovers-25-million-exploiter-hacker-caught"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://thalalabs.medium.com/thala-nov-15-post-mortem-5aea82bb3916"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/thala-recovers-25-million-exploiter-hacker-caught"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/326937/defi-protocol-thala-recovers-25-million-following-successful-hacker-negotiation"},{"credibility":3,"name":"","type":"other","url":"https://cybernews.com/crypto/hacked-crypto-project-thala-paid-to-recover-millions/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/177279/parafi-backs-thala-labs-6-million-raise-to-build-defi-stack-on-aptos-exclusive"},{"credibility":3,"name":"","type":"other","url":"https://www.signum.capital/blog/why-we-invested-in-thala-labs/"},{"credibility":3,"name":"","type":"other","url":"https://whitestarcapital.com/companies/thala-labs/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-thala-hack-november-2024"},{"credibility":3,"name":"","type":"other","url":"https://quadrigainitiative.com/casestudy/thalalabsv1farmingcontractvulnerability.php"},{"credibility":3,"name":"","type":"other","url":"https://defillama.com/protocol/thalaswap"},{"credibility":3,"name":"","type":"other","url":"https://thalalabs.medium.com/thala-nov-15-post-mortem-5aea82bb3916"}]}],"sources_used":[],"summary":"ThalaSwap is the decentralized exchange component of Thala Labs, an Aptos-based DeFi protocol offering an AMM, the Move Dollar (MOD) overcollateralized stablecoin, liquid staking, and a launchpad. On November 15, 2024, an input-validation bug introduced in a two-line patch to the v1 farming contract allowed an attacker to drain $25.5 million in liquidity pool tokens; funds were fully recovered within hours after SEAL 911 identified the exploiter via on-chain evidence and the attacker returned assets in exchange for a $300,000 bounty.","timeline":[{"date":"2022-10-25","event":"Thala Labs raises $6 million seed round co-led by ParaFi Capital, White Star Capital, and Shima Capital","source":""},{"date":"2023-04-06","event":"Thala protocol launches on Aptos mainnet; reaches $10M TVL within days","source":""},{"date":"2024-11-01","event":"Two-line patch deployed to v1 farming contract, introducing the unstake_max input-validation bug that bypassed standard security review","source":""},{"date":"2024-11-15","event":"Exploit begins at 4:46 AM PST from address 0xf7…; second larger drain completed at 7:10 AM PST from address 0x80…; total $25.5M in LP tokens stolen","source":""},{"date":"2024-11-15","event":"TVL alerts trigger at 5:12 AM PST; vulnerability identified by 7:30 AM PST; all relevant contracts paused; $11.5M in Thala assets frozen","source":""},{"date":"2024-11-15","event":"SEAL 911 and Ogle identify attacker via on-chain evidence within minutes; on-chain message sent to attacker at 9:34 AM PST","source":""},{"date":"2024-11-15","event":"Attacker agrees to return all funds by 10:13 AM PST in exchange for $300,000 protocol bounty and $40,000 personal payment; full recovery confirmed by 11:13 AM PST","source":""},{"date":"2024-11-16","event":"Thala Labs publishes post-mortem on Medium detailing root cause, timeline, and remediation steps including OtterSec re-audit and withdrawal rate limits","source":""},{"date":"2025-01-01","event":"ThalaSwap V3 (CLMM concentrated liquidity) becomes primary liquidity venue; protocol remains operational with $2.23M TVL as of mid-2026","source":""}]},"v":1}