
Tapioca DAO Suffers Major Social Engineering Attack, Resulting In $6M Loss

Tapioca DAO has fallen victim to a severe social engineering attack, leading to the compromise of the TAP token vesting contract.

The attacker gained control of the contract’s ownership, enabling them to claim and sell 30 million vested TAP tokens. This incident significantly impacted the TAP/ETH liquidity pool (LP) owned by the DAO.

In addition, the attacker managed to seize control of the USDO stablecoin contract, adding a minter with infinite minting capabilities. This allowed them to drain the USDO/USDC liquidity pool as well, further escalating the damage.

Following the breach, a new owner executed an emergency rescue, withdrawing more than 21 million TAP tokens.

However, a suspicious address managed to swap all the stolen TAP tokens for 591 ETH, causing the TAP token’s value to plummet by 93%.

After liquidating the TAP tokens, the attacker transferred the funds via the Stargate bridge to the Binance Smart Chain (BNB Chain).

Hacker Address Now Holds About $4.7 Million

Currently, the suspicious address holds around $4.7 million worth of BSC-USD and USDC on the BNB Chain. In total, the attacker stole approximately 591 ETH and 2.8 million USDC, amounting to a loss of nearly $6 million.

The Tapioca DAO team is actively coordinating with key individuals and entities in a “war room” setting to address the situation. They have promised to update the community with further steps once the situation is under control.

As the investigation continues, the focus remains on mitigating the damage and exploring recovery options for the compromised assets.
