Tapioca DAO, a decentralized money market protocol on LayerZero, was the victim of a security breach, resulting in their native TAP token losing over 90% of its value. The attack occurred on Oct. 18 when the protocol’s deployer address was compromised, allowing the attacker to make unauthorized changes to the vesting contract’s ownership. The attacker exploited this vulnerability to withdraw over 21 million TAP tokens using an emergency rescue function, leading to the token crashing by 93%. Additionally, the attacker used Stargate to bridge some stolen assets to the BNB Chain, where they currently hold approximately $4.7 million worth of BSC-USD and USDC.
Cyvers, a blockchain security firm, estimates the total losses from the breach to be around $16.9 million, though Web3 security auditor Hacken suggested the figure could be as high as $38 million. In the wake of the attack, Hacken warned users to be cautious of phishing attempts as malicious actors are circulating fake links promising refunds while urging users to revoke their accounts. They cautioned users to stay vigilant and protect their assets from potential threats.
Despite the breach, Tapioca DAO has yet to issue a public statement as of press time. On-chain investigator ZachXBT speculated that the hack may be related to malware downloaded by a team member, linking it to a series of recent hacks targeting other projects. These attacks, including ones on Nexera, Concentric, Masa, and others, are believed to be part of a larger operation involving fake job scams potentially connected to state-sponsored threat actors from North Korea. However, there is currently no conclusive evidence linking the Tapioca breach to North Korea.
Tapioca DAO is a DeFi money market and stablecoin project that operates on Layer Zero’s cross-chain infrastructure. The protocol aims to provide decentralized financial services to users, allowing them to borrow, lend, and earn interest on their assets. The security breach highlights the importance of robust security measures in the DeFi space to protect user funds and prevent unauthorized access to sensitive information.
As the investigation into the breach continues, users are advised to exercise caution and be wary of potential phishing attempts or suspicious links. It is crucial for users to remain vigilant and take measures to safeguard their assets from potential threats in the DeFi ecosystem. While the exact impact of the breach on Tapioca DAO and its users remains to be seen, it serves as a reminder of the risks associated with decentralized finance and the need for proactive security measures to mitigate vulnerabilities and protect user funds.
