Coming soon

← Back to the graveyard
ThalaSwap logo

ThalaSwap

Hacked

DeFi · $THL · born 2023 · ✝ 2024

An Aptos DEX whose pools were drained, then handed back.

ThalaSwap was a leading AMM on the Aptos blockchain that was exploited in November 2024 when an attacker drained its liquidity pools. The protocol paused, negotiated with the attacker, and recovered most of the funds.

Peak
~$25.5M stolen
Cause
Hacked
Year of death
2024

☠️ Cause of death

A flaw in the pool logic let an attacker drain liquidity from ThalaSwap's AMM contracts before the protocol froze operations.

📓 Lessons left behind

  • A bug-bounty path can turn a drain into a recovery.
  • Pausing fast can stop a partial drain becoming a total one.
  • Move-based contracts still need rigorous pool-logic audits.

🌱 The idea that survived

On-chain pause switches

Showed the value of credible pause controls and white-hat negotiation channels for recovering drained funds.

#defi#amm#aptos#liquidity