The Tapioca Foundation has offered a $1 million bounty to an attacker who stole $4.7 million from its decentralized finance protocol in what it has called a “social engineering attack.”
“We would like to offer you an attractive bounty settlement where you would walk away with funds that are fully legally yours, no strings attached,” Tapioca wrote in an Oct. 20 onchain
message
to the attacker’s crypto wallet.
It offered $1 million in Tether (
USDT
) — which it said was “significantly higher than the normal 10%” offered in
bounties
— in exchange for the
attacker
returning the remaining $3.7 million.
In an Oct. 18 X
post
, Tapioca said it had “suffered a social engineering attack” where the attacker stole 591 Ether (
ETH
) and $2.8 million worth of USD Coin (
USDC
).
It explained the attack
compromised the ownership
of the vesting contract for its Tapioca DAO Token (TAP) and the USDO stablecoin.
The attacker was able to claim and sell vested TAP and “added a minter to infinite mint USDO and drain” a liquidity pool for USDO and USDC.
Source:
Tapioca Foundation
Tapioca co-founder Matt Marino said in an Oct. 19
message
on the project’s Discord that pseudonymous fellow co-founder “Rektora” was
phished
.
He added that Rektora “downloaded something during an interview process,” and the software
replaced a transaction
with a malicious one, which is how the attackers gained access to the contracts.
In a later Discord
post
on Oct. 19, Marino said it had “hacked the hacker” and recovered 1,000 ETH, currently worth over $2.7 million, which was collateral backing the USDO stablecoin for a liquidity pool.
Related:
Radiant Capital hacker compromised developers’ devices — post-mortem
In the Oct. 18 attack, the attacker withdrew nearly 30 million TAP tokens from the vesting contract, swapped them for about $1.5 million worth of ETH, converted that into USDT and sent the funds to the
BNB Chain
, where they still remain, transactions in the attacker’s wallet show.
The attack has seen the TAP token effectively lose all its value. It’s currently trading at 2 cents, down from the around $1.40 it was trading at prior to the attack,
according
to CoinGecko.
Magazine:
Fake Rabby Wallet scam linked to Dubai crypto CEO and many more victims
Related Posts
Add A Comment