Tapioca DAO, a decentralized money market protocol on LayerZero, suffered a security breach on Oct. 18, causing its native TAP token to lose more than 90% of its value.
Blockchain security firm Cyvers
revealed
that the protocol’s deployer address was compromised, resulting in unauthorized changes to the vesting contract’s ownership.
The attack
The attacker exploited the vulnerability to withdraw more than 21 million TAP tokens using an emergency rescue function. The tokens were then swapped for 591
ETH
, which caused TAP to crash 93%.
Further investigation revealed that the attacker used Stargate to bridge some of the stolen assets to BNB Chain. As of press time, the suspicious address holds roughly $4.7 million worth of BSC-USD and
USDC
on the BNB Chain.
Cyvers estimates the total losses from the breach to be approximately $16.9 million. However, Web3 security auditor Hacken
suggested
the figure could be as high as $38 million.
In the aftermath of the attack, Hacken warned users of phishing attempts. Malicious actors are reportedly spreading fake links that promise refunds while urging users to revoke their accounts.
The security firm warned:
“We’ve noticed fake accounts impersonating Tapioca_dao posting phishing links under this thread. Please do not interact with any suspicious links or messages claiming to be from Tapioca. Stay vigilant and protect your assets.”
Tapioca DAO, which is building a DeFi money market and stablecoin on Layer Zero’s cross-chain infrastructure, has yet to issue a public statement regarding the breach as of press time.
North Korea connection
On-chain investigator
ZachXBT
speculated that the Tapioca DAO hack could be
linked to malware
downloaded by a team member.
He pointed out that this exploit may be related to a series of recent hacks targeting projects like Nexera, Concentric, Masa, SpaceCatch, Reach, Serenity Shield, and MurAll.
ZachXBT pointed out that these attacks are part of a larger operation involving fake job scams, potentially connected to state-sponsored
threat actors from North Korea
. However, there is no conclusive evidence linking the Tapioca breach to North Korea as of press time.
Mentioned in this article
Ethereum
ZachXBT
Posted In:
Ethereum
,
North Korea
,
Crime
,
Crypto
,
DeFi
,
Featured
,
Hacks
Author
Oluwapelumi Adejumo
Journalist at CryptoSlate
Oluwapelumi values Bitcoin’s potential. He imparts insights on a range of topics like DeFi, hacks, mining and culture, underlining transformative power.
@hardeyjumoh
LinkedIn
Email Oluwapelumi
Editor
Assad Jafri
Editor & Reporter at CryptoSlate
AJ, a passionate journalist since Yemen’s 2011 Arab Spring, has honed his skills worldwide for over a decade. Specializing in financial journalism, he now focuses on crypto reporting.
@Saajthebard
LinkedIn
Email Editor
Ad
CryptoSlate on Substack
cryptoslate.substack.com
Essential crypto updates and analyses. Straight to your inbox, every day.
Join 90k+ subscribers
Latest
North Korea
Stories
Cosmos developers race to dismantle North Korea-linked staking module amid security fears
Technology
3 days ago
Cosmos developers plan to include a “bold face warning” about the module on the network’s repository.
Munchables recovers $62.5 million in user funds after exploit linked to North Korean hacker
DeFi
7 months ago
The gaming platform had unknowingly hired a North Korean hacker as one of its core developers.
North Korean Lazarus group funnels over $100 million in Ethereum through sanctioned mixer Tornado Cash in 8 days
Technology
7 months ago
North Korea’s crypto thefts reach $750 million in 2023, UN report reveals.
North Korean attackers crypto theft fall 30% to $600M in 2023
Hacks
10 months ago
North Korea-backed hackers have diversified their laundering strategies in response to sanctions imposed by Western authorities.
Latest
Ethereum
Stories
Eigenlayer X account hacked taking advantage of platform design to hide scam link
Crime
1 day ago
Sophisticated phishing tactics on Eigenlayer X account urge users to verify links before engaging.
Nearly 70% of institutional investors commit to Ethereum staking – survey
Staking
2 days ago
Reputation, security, and liquidity emerge were key factors for institutional investors when selecting staking platforms.
Vitalik Buterin’s ‘Surge’ plan aims for exponential Ethereum growth with 100,000 TPS
Crypto
3 days ago
Buterin emphasized the need for Ethereum layer-2s to feel like one “unified” ecosystem by improving their interoperability.
Bitcoin’s latest rally indicates investors primed for surge toward $80K before elections – Bitwise CIO
Crypto
4 days ago
Hougan said Bitcoin’s latest rally following Harris’ comments shows that even the slightest hint of regulatory clarity will spur investor optimism.
Latest Press Releases
View All
Ape On Launches Innovative Token Locking for Secure Project Launches on Solana
Chainwire
23 hours ago
$KERORO Hits Solana With A Seismic Shift Expected
Chainwire
23 hours ago
Mc Pitbull Launches MCPB Meme Coin with Innovative MEMconomy and MEMketing Approaches
Chainwire
1 day ago
Disclaimer:
Our writers’ opinions are solely their own and do not reflect the opinion of CryptoSlate. None of the information you read on CryptoSlate should be taken as investment advice, nor does CryptoSlate endorse any project that may be mentioned or linked to in this article. Buying and trading cryptocurrencies should be considered a high-risk activity. Please do your own due diligence before taking any action related to content within this article. Finally, CryptoSlate takes no responsibility should you lose money trading cryptocurrencies.