On October 18, the decentralized money market protocol on Layerzero, Tapioca DAO, suffered a security breach. A naive Tapioca DAO team member enhanced the cyber attack, leading to about $4.7 million in losses. As of the time of the report, the stolen funds are in a BNB Chain.
Devastated by the loss and the number of affected customers in the line, the firm desperately offered $1 million to the individual who perpetuated the cyber theft, as against the conventional one-tenth rule. Notably, the platform announced the bounty offer via an on-chain message directed to the attacker on October 20.
Tapioca DAO Cyber Attack
Leveraging the social media platform Discord, the unsuspecting attacker manipulated his way through the tight mechanics of the cryptocurrency firm, stealing over 90% of the TAP token, the platform's native currency.
By creating a favorable scamming environment, the cyber manipulator tricked the vulnerable team member into revealing crucial details that led to the dispossession of about 30 million TAP tokens initially placed on investment.
Per investigational findings, each TAP token had an intrinsic value of approximately $1.40 during the attack launch. The scammer also accessed the stable contract featuring the USDO/USDC trading pair and stole a cumulative $4,405,600 ($1,575,606 in ETH and about $2.8M in USDC).
Following the successful invasion, the hacker converted the proceeds to Ethereum afterward and swapped them for USDT. As earlier stated, he has since moved the USDT to a BNB Chain.
According to ZachXBT, an on-chain investigation firm, there is a high suspicion that the cyber theft stemmed from unprotected software mistakenly installed by a Tapioca employee.
Tapioca DAO Issues Safety Precautions
To mitigate losses from the cyber hack, the firm transferred the untampered $2.7 million assets to "DAO multi-sig," which offers a high-security network. The exceptional security of multi-signature wallets stems from various authorized wallets regulation.
The firm further advised its customers on the dangers of fake links, stating that they are one of the most unsuspecting routes of carrying out scamming projects. In addition, users should monitor their wallets and report suspicious activities to the appropriate authorities.