Panic grips the decentralized finance (DeFi) community as Tapioca DAO, a promising money market protocol built on LayerZero, reels from a devastating security breach. Millions of dollars worth of its native TAP token have evaporated into the blockchain ether, leaving investors reeling and investigators scrambling to uncover the perpetrators.
On Friday, the DeFi world watched in disbelief as the value of Tapioca DAO’s TAP token plummeted by over 90%. Blockchain security firm Cyvers issued an urgent alert, its tweet a stark chronicle of the unfolding disaster: “🚨ALERT🚨Our system has flagged multiple suspicious transactions involving @tapioca_dao! It might be possible that @tapioca_dao’s deployer address has been compromised…”
The firm’s analysis revealed the chilling details: the protocol’s deployer address, the key to the kingdom, had fallen into hostile hands. The attackers wasted no time. Exploiting their newfound control, they manipulated the vesting contract’s ownership and siphoned over 21 million TAP tokens using an “emergency rescue” function – a feature ironically designed for unforeseen crises, now weaponized against the protocol itself.
The stolen tokens were swiftly swapped for 591 ETH, triggering the catastrophic price crash. The attackers then used the cross-chain bridge Stargate to move their ill-gotten gains to the BNB Chain, where they amassed a hoard of $4.7 million in BSC-USD and USDC.
Estimates of the total damage vary. Cyvers placed the losses at $16.9 million, while fellow security auditor Hacken painted a grimmer picture, suggesting the figure could reach as high as $38 million. Adding insult to injury, opportunistic scammers emerged from the woodwork, preying on the chaos with phishing scams disguised as refund offers. Hacken warned users to remain vigilant, highlighting the insidious nature of these attacks.
As the dust settled, a disturbing theory began to circulate. On-chain sleuth ZachXBT posited a connection between the Tapioca DAO hack and a string of recent exploits targeting other crypto projects.
He suggested a common thread: malware, potentially delivered through sophisticated job scams orchestrated by state-sponsored North Korean hackers. While the link to North Korea remains speculative, the possibility adds a geopolitical dimension to the already complex narrative.
Tapioca DAO, meanwhile, remained silent, offering no public statement in the immediate aftermath of the attack. The silence only amplified the anxieties of the DeFi community, left to grapple with the unsettling implications of the breach. The incident serves as a stark reminder of the persistent vulnerabilities in the rapidly evolving world of decentralized finance, where fortunes can be made and lost in the blink of an eye.
Read More
- TD Bank Caught Red-Handed… Laundering Money, But I thought Its Crypto?
- Crypto.com Launches Legal Challenge to SEC’s Crypto Crackdown
- DeFi Projects Under Attack: EigenLayer Loses Nearly $6M While K9 Finance Reveals Security Threat
Yona has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Daily is an official media and publication of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.