Defunct Thetanuts Vault Loses $2.1M in DeFi Exploit, Most Funds Recovered

A legacy Thetanuts Finance vault fell victim to hackers this week, resulting in the loss of approximately $2.1 million in digital assets. The attack targeted an outdated smart contract that had been abandoned years earlier when the DeFi protocol migrated to newer infrastructure.

Despite the initial breach, whitehat security researchers managed to salvage the situation by recovering roughly $2 million worth of option tokens before attackers could liquidate them. The swift response from the crypto security community limited what could have been a far more damaging incident for affected users.

No Impact on Active Operations

Thetanuts Finance emphasized that the compromised vault operates independently from their current product suite. The protocol had previously transitioned away from the vulnerable contract infrastructure, meaning active users and recent depositors face no exposure to this exploit. This incident highlights a persistent challenge in DeFi: legacy code can remain attractive targets long after protocols move on to upgraded systems.

The attack adds to a troubling pattern across decentralized finance in recent months. Outdated smart contracts with lingering funds continue providing opportunities for malicious actors, even when projects have evolved beyond their original architecture. Security experts routinely advise protocols to formally sunset deprecated contracts and encourage users to migrate assets promptly.

For Thetanuts, the financial damage appears contained thanks to quick defensive action. However, the episode serves as a reminder that blockchain immutability cuts both ways—while ensuring transaction permanence, it also means vulnerable code remains accessible indefinitely. Projects must balance innovation with the responsibility of monitoring legacy infrastructure that may still hold user value.

Based on reporting by the original source.