Highlights:
- Tapioca DAO loses $4.5 million after hackers exploit its vesting contract causing a 97% drop in TAP token value.
- Hackers used social engineering to access private keys, compromising 30 million TAP tokens and draining crypto assets.
- Tapioca DAO secures $2.7 million in ETH post-attack with support from security firms to prevent further losses.
Tapioca DAO, a decentralized finance platform, recently faced a major security breach. Its system was hacked and $4.5 million worth of digital assets was stolen. The TAP token and the vesting contract in the platform were all the targets of the attack and suffered huge losses.
Tapioca DAO has suffered a social engineering attack. This enabled the attacker to compromise the TAP token vesting contract’s ownership which allowed the attacker to claim and sell this 30M vested TAP, which impacted the TAP/ETH DAO owned LP. The attacker then also comprised the…
— Tapioca Foundation (@tapioca_dao) October 18, 2024
How the Hacker Executed the Attack
Tapioca DAO reported that the hacker used a social engineering tactic. The attacker was able to trick a team member using Discord, convincing them to reduce security measures. The hacker gained control over the TAP tokens by breaking into the wallet interface and accessing the wallet itself.
Some experts speculate that the attacker somehow got the private keys. Such attacks demonstrate the vulnerabilities that exist on decentralized platforms such as DAOs.
Recovery Efforts and Security Measures
Additionally, the hacker drained $2.8 million in USDC and $1.57 million in Ethereum. They swiftly converted them to USDT and bridged those assets from Arbitrum to the Binance Smart Chain. Stolen assets amount to $4.4 million still on the BNB Chain, according to analysts.
Tapioca DAO responded immediately by sending 1,000 ETH, valued at around $2.7 million, to a release multisig wallet. The purpose of this action was to preserve funds and avoid further losses.
The Tapioca Foundation asked users not to deal with any platform contracts until further notice. They urged users to revoke permissions and avoid scam links. They advised users to keep a close eye on their wallets and report any suspicious activities.
TAP Token Value Crashes After Breach
The attacker was able to steal 30 million TAP, which before the hack had a value of $1.4 per token. The tokens were sold quickly, leading to their value crashing by 97%. At present, TAP tokens are trading at less than $1.4 after recovery from the attack. The attack led to panic selling of these assets, sending the price down even further.
Increased Security Concerns in the Crypto Community
The Tapioca DAO incident is not the only attack that has happened in the cryptocurrency sector. Decentralized platforms are increasingly targeted by social engineering and other sophisticated techniques. To limit this risk, experts advise DAOs to adopt stricter access controls, as well as multi-layer security systems.
The Tapioca DAO breach highlights key DAO security and community governance concerns. In the recent past, Platforms such as Radiant Capital and EigenLayer have also reported hacks, In which Radiant Capital lost approximately $50 million due to malware attacks. According to crypto analysts, platforms should conduct thorough security audits and have strong protection measures to stop such incidents.
Tapioca DAO responded by saying that it would release a post-mortem report describing the breach. The report will explain how the attack was carried out, and the platform’s recovery plan will be outlined. Tapioca DAO has advised users to wait for official updates from its official communication channels.