Tapioca DAO suffered a massive exploit that caused the TAP token price to drop by more than 95%. About $4.5 million worth of cryptocurrency was stolen, but the team said they were in the process of recovering the funds with help from web3 security company Fuzzland and others.
“All current users of the Tapioca DAO platform are advised to revoke their contract authorizations until the recent compromises are resolved. If you have any issues deauthorizing them, please contact website support,” the Tapioca Foundation said in an
According to the foundation, the attackers were able to compromise the USDO stablecoin contract as well as the token’s vested contract, giving them access to sell 30 million vested TAP tokens, which are now worth less than $0.04, up from about $1.40 at the time. I was able to.
The attackers ended up with a total of $4,405,600, including $1,575,606 of ETH and 2.8 million USDC drained from the USDO/USDC liquidity pair. The stolen funds were exchanged for ETH, USDT and then linked from Arbitrum to the BNB chain, where they remain as of press time.
Tapioca is a decentralized money market protocol based on LayerZero for borrowing cryptocurrencies across multiple blockchains. It uses a stablecoin called USDO and Tapioca Omnichain Fungible Tokens (TOFT) to allow users to move wrapped assets between networks.
According to Fuzzland, the attackers likely obtained the private keys through social engineering. On Discord, Tapioca co-founder Matt Marino said he was contacted by Discord member 0xRektora saying his friend had been hired, which tricked him into lowering his guard enough to connect the hardware wallet the attacker used to take ownership of the TAP.
“North Korea will always be the garbage collector here,” Fuzzland echoed Zach
These attacks are “the result of fake job scams,” in which North Korean actors pose as interviewees or suppliers to gain inside access or information needed to steal funds, ZachXBT said. There have been many anecdotes and recently CoinDesk Research suggests that these types of “contagious interview” scams are widespread and a growing problem across cryptocurrencies.
Would you like to recover your funds?
“We are working in our war room, coordinating with the individuals and organizations needed to move forward and will communicate further action once the situation is under control,” the foundation said.
Tony, a security engineer at Fuzzland and member of the volunteer emergency response team SEAL911, was one of the members of the war room and helped recover some of the funds that went unnoticed by the hackers, he told The Block. .
According to Discord’s Marino, the organization moved 1,000 ETH, worth about $2.7 million, from its vaults to a secure location, the DAO multisig. “1000 ETH was DAO collateral within Big Bang Origins to mint USDO for USDO/USDC LPs,” he added.
“The team attempted to rescue these assets by first approving Multicall, which allows anyone to seize these assets. Fortunately, no one noticed and they were still able to rescue these assets,” Chaofan Shou, co-founder of Fuzzland, told The Block. “He said.
However, response teams have yet to recover the stolen assets. The DAO’s funding currently stands at $4.2 million, Marino said.
Disclaimer: The Block is an independent media outlet delivering news, research and data. As of November 2023, Foresight Ventures is a majority investor in The Block. Foresight Ventures invests in other companies in the cryptocurrency space. Cryptocurrency exchange Bitget is an anchor LP of Foresight Ventures. The Block continues to operate independently to provide objective, impactful and timely information about the cryptocurrency industry. Below are our current financial disclosures.
© 2024 The Block. All rights reserved. This article is provided for informational purposes only. It is not provided or intended to be used as legal, tax, investment, financial or other advice.