Tapioca DAO has reported that it was targeted in a social engineering attack, resulting in the compromise of its TAP token vesting contract. This breach allowed attackers to sell off 30 million vested TAP tokens. The incident came to light after a blockchain security firm detected unusual activity associated with Tapioca DAO.
Details of the Attack
On October 18, Tapioca DAO, a decentralized money market protocol operating on Layerzero, confirmed the security breach. The attackers exploited a vulnerability, enabling them to take over the TAP token vesting contract and execute significant transactions.
The security firm Cyvers was the first to highlight the suspicious activity, noting that the attacker withdrew over 21 million TAP tokens using emergency recovery protocols. They then converted these tokens into approximately 591 ETH before bridging the funds to the BNB Chain.
Financial Impact
Cyvers estimated that the attacker’s assets on the BNB Chain totaled around $4.7 million in BSC-USD and USDC. However, Tapioca DAO officially reported losses of 591 ETH and 2.8 million USDC. In response, the protocol has indicated that it is actively addressing the situation and has set up a dedicated “war room” with key stakeholders to manage the fallout.
Tapioca DAO urged users to refrain from interacting with any of its contracts or tokens until further updates are provided. They emphasized the importance of relying on official announcements regarding the incident.
Misinformation Warning
In a subsequent statement, Tapioca DAO advised users to consider only the official communication, post-mortem report, and TAP token migration plan as trustworthy sources of information. They cautioned against believing any other claims, labeling them as misinformation.
The protocol is committed to keeping the community informed as they work to resolve the issue.