Tapioca DAO, a decentralized money market protocol on LayerZero, suffered a security breach on Oct. 18, causing its native TAP token to lose more than 90% of its value.

Blockchain security firm Cyvers revealed that the protocol’s deployer address was compromised, resulting in unauthorized changes to the vesting contract’s ownership.

The attack

The attacker exploited the vulnerability to withdraw more than 21 million TAP tokens using an emergency rescue function. The tokens were then swapped for 591 ETH, which caused TAP to crash 93%.

Further investigation revealed that the attacker used Stargate to bridge some of the stolen assets to BNB Chain. As of press time, the suspicious address holds roughly $4.7 million worth of BSC-USD and USDC on the BNB Chain.

Cyvers estimates the total losses from the breach to be approximately $16.9 million. However, Web3 security auditor Hacken suggested the figure could be as high as $38 million.

In the aftermath of the attack, Hacken warned users of phishing attempts. Malicious actors are reportedly spreading fake links that promise refunds while urging users to revoke their accounts.

The security firm warned:

“We’ve noticed fake accounts impersonating Tapioca_dao posting phishing links under this thread. Please do not interact with any suspicious links or messages claiming to be from Tapioca. Stay vigilant and protect your assets.”

Tapioca DAO, which is building a DeFi money market and stablecoin on Layer Zero’s cross-chain infrastructure, has yet to issue a public statement regarding the breach as of press time.

North Korea connection

On-chain investigator ZachXBT speculated that the Tapioca DAO hack could be linked to malware downloaded by a team member.

He pointed out that this exploit may be related to a series of recent hacks targeting projects like Nexera, Concentric, Masa, SpaceCatch, Reach, Serenity Shield, and MurAll.

ZachXBT pointed out that these attacks are part of a larger operation involving fake job scams, potentially connected to state-sponsored threat actors from North Korea. However, there is no conclusive evidence linking the Tapioca breach to North Korea as of press time.

Mentioned in this article

Read the full article here

Share.

Leave A Reply

Your road to financial

freedom starts here

With our platform as your starting point, you can confidently navigate the path to financial independence and embrace a brighter future.

Registered address:

First Floor, SVG Teachers Credit Union Uptown Building, Kingstown, St. Vincent and the Grenadines

CFDs are complex instruments and have a high risk of loss due to leverage and are not recommended for the general public. Before trading, consider your level of experience, relevant knowledge, and investment objectives and seek financial advice. Vittaverse does not accept clients from OFAC sanctioned jurisdictions. Also, read our legal documents and make sure you fully understand the risks involved before making any trading decision

Exit mobile version