Tapioca offers $1M to ‘social engineering’ attacker who stole $4.7M
The Tapioca Foundation has offered a $1 million bounty to an attacker who stole $4.7 million from its decentralized finance protocol in what it has called a “social engineering attack.”
“We would like to offer you an attractive bounty settlement where you would walk away with funds that are fully legally yours, no strings attached,” Tapioca wrote in an Oct. 20 onchain message to the attacker’s crypto wallet.
It offered $1 million in Tether ( USDT ) — which it said was “significantly higher than the normal 10%” offered in bounties — in exchange for the attacker returning the remaining $3.7 million.
In an Oct. 18 X post , Tapioca said it had “suffered a social engineering attack” where the attacker stole 591 Ether ( ETH ) and $2.8 million worth of USD Coin ( USDC ).
It explained the attack compromised the ownership of the vesting contract for its Tapioca DAO Token (TAP) and the USDO stablecoin.
The attacker was able to claim and sell vested TAP and “added a minter to infinite mint USDO and drain” a liquidity pool for USDO and USDC.
Source: Tapioca Foundation
Tapioca co-founder Matt Marino said in an Oct. 19 message on the project’s Discord that pseudonymous fellow co-founder “Rektora” was phished .
He added that Rektora “downloaded something during an interview process,” and the software replaced a transaction with a malicious one, which is how the attackers gained access to the contracts.
In a later Discord post on Oct. 19, Marino said it had “hacked the hacker” and recovered 1,000 ETH, currently worth over $2.7 million, which was collateral backing the USDO stablecoin for a liquidity pool.
Related: Radiant Capital hacker compromised developers’ devices — post-mortem
In the Oct. 18 attack, the attacker withdrew nearly 30 million TAP tokens from the vesting contract, swapped them for about $1.5 million worth of ETH, converted that into USDT and sent the funds to the BNB Chain , where they still remain, transactions in the attacker’s wallet show.
The attack has seen the TAP token effectively lose all its value. It’s currently trading at 2 cents, down from the around $1.40 it was trading at prior to the attack, according to CoinGecko.
Magazine: Fake Rabby Wallet scam linked to Dubai crypto CEO and many more victims
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Hackers are targeting Australia’s largest pension funds
Share link:In this post: Hackers targeted major Australian superannuation funds, stealing $500,000 from a few accounts and exposing personal data. Authorities and financial institutions are responding to the breach, urging members to check accounts and update passwords. Credential stuffing using stolen passwords is suspected in the attacks, prompting warnings to use unique logins and enable multifactor authentication.
Meta to end third-party fact-checking in U.S. on April 7
Share link:In this post: Meta will shut down its U.S. third-party fact-checking program on April 7, 2025, ending partnerships with groups like PolitiFact. It will be replaced by Community Notes, a system that lets users add context to posts without triggering penalties. Zuckerberg criticized the old system as biased and overly censorious, and said the change aims to support free speech. Meta is also relocating its moderation teams to Texas, a move some experts say is politically motivated.
Crypto Today: Altcoins Find New Buyers as Microsoft, Apple and Nvidia Lose $1 Trillion in 3 Days
Cardano Approaching First Death Cross: What’s Next for ADA Price?
Trending news
MoreCrypto prices
More
