Tapioka DAO was exploited and lost $1.6 million worth of TAP tokens

[Man]

The decentralized autonomous organization Tapioca DAO, operating in the decentralized finance (DeFi) sector, suffered a hacker attack - an attacker stole $1.6 million worth of TAP tokens.

The Tapioca DAO address was compromised, and the hacker was able to take control of the vesting contract. The hacker withdrew 21 million TAP, activating emergency protocol recovery. After transferring the crypto assets to a new address, the attacker exchanged them for 591 ETH.

The hacker then transferred the ethers to the BNB Chain network using the Stargate Finance service. Analysts found that the attacker's address also contains BSC-USD and USDC stablecoins worth about $4.7 million, so the researchers concluded that this could not be the first exploit by the hacker.

Note that with the help of TAP governance tokens, users can participate in votes on protocol upgrades, influence fee structures, and take part in other important decisions related to the Tapioca DAO. As a result of the exploit and liquidity outflow, the token's rate plummeted by 93% — from $1.30 to $0.098.

 

[Man]

Tapioca Offers $1 Million to Social Engineering Attacker Who Stole $4.7 Million.

The Tapioca Foundation offered a $1 million reward to an attacker who stole $4.7 million from its decentralized finance protocol in a so-called "social engineering attack".

"We would like to offer you an attractive reward where you walk away with funds that are completely legally yours, with no strings attached", Tapioca wrote in an October 20 email to the attacker's cryptocurrency wallet.

He offered $1 million in Tether (USDT) — which he said was "well above the usual 10%" offered in rewards — in exchange for the attacker returning the remaining $3.7 million.

In an October 18 X post, Tapioca revealed that it had been "affected by a social engineering attack" in which an attacker stole $2.8 million worth of 591 Ether (ETH) and USD (USDC) coins.

He explained that the attack jeopardized the contract ownership of his Tapioca DAO (TAP) token and UDSO stablecoin.

The attacker was able to claim and sell the owned TAP, as well as "added minting to the infinite minting of USDO and depleted" the liquidity pool for USDO and USDC.

Tapioca co-founder Matt Marino revealed in an October 19 post on the project's Discord that his fellow co-founder under the pseudonym "Rectora" was phished.

He added that Rektora "downloaded something during the interview", and the program replaced the transaction with malware, thanks to which the attackers gained access to the contracts.

In a later Discord post on October 19, Marino claimed to have "hacked the hacker" and recovered 1000 ETH, which is currently worth over $2.7 million, which was the collateral backing the USDO stablecoin for the liquidity pool.

In the October 18 attack, the attacker withdrew nearly 30 million TAP tokens from the transfer contract, swapped them for ETH worth about $1.5 million, converted them to USDT, and sent the funds to the BNB Chain, where they still remain, a transaction showing the attacker's wallet.

As a result of the attack, the TAP token has actually lost all of its value. According to CoinGecko, it is currently trading at 2 cents compared to the approximately $1.40 it was trading before the attack.