- The Tapioca Foundation reported that an exploiter—possibly a North Korean hacker—was able to access the private keys through a social engineering attack that depleted $4.4 million in cryptocurrency.
- The group recovered assets that the exploiter had overlooked by collaborating with other agencies and the SEAL911 emergency response team.
The price of TAP token fell by more than 95% as a result of a significant exploit that the Tapioca DAO experienced. A total of $4.5 million worth of cryptocurrency was taken, but the team says it is working with web3 security company Fuzzland and other partners to retrieve the money.
It is recommended that all present users of the Tapioca DAO Platform rescind their approvals of our contracts until the recent Compromise has been handled. If you experience any problems withdrawing permissions, please contact website support.
The foundation claims that the attacker was able to breach the token’s vesting contract, granting him the ability to sell both the USDO stablecoin contract and the 30 million vested TAP tokens, which were formerly valued at about $1.40 but are currently worth less than $0.04.
Approximately $4,405,600 was taken by the attacker in total, which included $2.8 million in USDC and $1,575,606 that was taken out of the USDO/USDC liquidity pair. The pilfered money was exchanged for ETH, then USDT, and finally it was bridged from Arbitrum to BNB Chain, where it is currently located as of this writing.
A decentralized money market system called Tapioca, which is built on LayerZero, allows users to borrow cryptocurrency across several blockchains. Users can transfer wrapped assets between networks using Tapioca Omnichain Fungible Tokens (TOFTs) and the stablecoin USDO.
Fuzzland believes that social engineering is most likely how the attacker got hold of the private keys. The co-founder of Tapioca, Matt Marino, posted on Discord that 0xRektora was misled into letting down his guard and connecting the hardware wallet that the attacker used to take control of Tapioca after he was informed about a friend being employed.
Here, North Korea is consistently the trash collector, reiterating ZachXBT’s assertion that the situation is complex and that there is no proof of a connection to the Hermit Kingdom.
The attacks stemmed from impersonation schemes, in which actors from North Korea pretended to be vendors or interview subjects in order to obtain information that would allow them to steal money. Numerous reports and a recent CoinDesk study indicate that this kind of infectious interview scam is becoming more common in the cryptocurrency space.
Getting money back?
The foundation stated that it has organized and is working in a war room with the people and organizations that need to move forward. Once the issue is under control, it will communicate with us about next measures.
Tony said that he was part of the war room team that helped them retrieve some of the money that the hacker missed. Tony is a security engineer at Fuzzland and a volunteer member of the emergency response squad SEAL911, he said.
The group transferred 1,000 ETH, or roughly $2.7 million, from a vault to the DAO multisig, a secure area, according to Marino on Discord. In Big Bang Origins, the 1000 ETH served as DAO collateral to mint USDO for the USDO/USDC LP.
By first authorizing the Multicall, which allows anyone to take these assets away, the team made an effort to save these assets. Fortunately, nobody discovered and they were still able to save these assets.
None of the stolen assets have, however, been found by the response team as of yet. The DAO has $4.2 million in its treasury as of right now.
Disclaimer : This article was created for informational purposes only and should not be taken as investment advice. An asset’s past performance does not predict its future returns. Before making an investment, please conduct your own research, as digital assets like cryptocurrencies are highly risky and volatile financial instruments.