Tapioca DAO has fallen victim to a severe social engineering attack, leading to the compromise of the TAP token vesting contract.
The attacker gained control of the contract’s ownership, enabling them to claim and sell 30 million vested TAP tokens. This incident significantly impacted the TAP/ETH liquidity pool (LP) owned by the DAO.
In addition, the attacker managed to seize control of the USDO stablecoin contract, adding a minter with infinite minting capabilities. This allowed them to drain the USDO/USDC liquidity pool as well, further escalating the damage.
Following the breach, a new owner executed an emergency rescue, withdrawing more than 21 million TAP tokens.
However, a suspicious address managed to swap all the stolen TAP tokens for 591 ETH, causing the TAP token’s value to plummet by 93%.
After liquidating the TAP tokens, the attacker transferred the funds via the Stargate bridge to the Binance Smart Chain (BNB Chain).
🚨ALERT🚨Our system has flagged multiple suspicous transactions involving @tapioca_dao!
It might be possible that @tapioca_dao's deployer address has been compromised and owner of the vesting contract has been changed!
New owner has withdrawn around more than 21M $TAP token… pic.twitter.com/KGc1fpMtAw— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) October 18, 2024
Hacker Address Now Holds About $4.7 Million
Currently, the suspicious address holds around $4.7 million worth of BSC-USD and USDC on the BNB Chain. In total, the attacker stole approximately 591 ETH and 2.8 million USDC, amounting to a loss of nearly $6 million.
The Tapioca DAO team is actively coordinating with key individuals and entities in a “war room” setting to address the situation. They have promised to update the community with further steps once the situation is under control.
Please await the official announcement, Post Mortem, and TAP Token Migration Plan regarding today’s unfortunate events for a “source of truth” on all details surrounding the matter. Take anything stated otherwise as speculation or misinformation.
Please continue to not interact…
— Tapioca Foundation (@tapioca_dao) October 18, 2024
As the investigation continues, the focus remains on mitigating the damage and exploring recovery options for the compromised assets.
Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any service.
Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news!
Image Source: serezniy/123RF// Image Effects by Colorcinch