the theft of $4.7M, significantly impacting the TAP token's value.
The Tapioca Foundation has announced a $1 million bounty for the return of $3.7 million stolen during a recent social engineering attack on its decentralized finance (DeFi) protocol. The attack on October 18 resulted in significant losses for the foundation, including 591 Ether (ETH) and $2.8 million in USD Coin (USDC).
In a direct on-chain message to the attacker, Tapioca extended the bounty as part of a settlement that promises no strings attached, hoping to recover the stolen funds.
Tapioca identified the theft due to a vulnerability exploited in the vesting contract associated with its TAP token and USDO stablecoin. The attacker gained unauthorized access, allowing them to claim and sell vested TAP tokens.
Additionally, they manipulated the USDO stablecoin by adding a minter, creating an infinite supply that drained a liquidity pool for USDO and USDC. This breach compromised the foundation's financial security and led to a drastic decline in the value of the TAP token, which dropped from approximately $1.40 to just 2 cents.
Co-founder Matt Marino elaborated on the attack's nature in a Discord message. He explained that a fellow co-founder, operating under the pseudonym "Rektora," fell victim to phishing during an interview. Rektora inadvertently installed malicious software that altered transaction details, giving the attacker access to critical smart contracts. It also shows that users in the cryptocurrency sector remain exposed to risks, which calls for a more enhanced emphasis on security.
Following the attack, Tapioca strived to recover some of the stolen assets. In an unexpected turn of events, the foundation reported that it had "hacked the hacker," successfully retrieving 1,000 ETH, valued at over $2.7 million. This recovery stemmed from collateral backing the USDO stablecoin within a liquidity pool. Despite this recovery, the attack's fallout severely impacted the TAP token's market performance.
The cryptocurrency market remains sensitive to incidents like these, and the attack has raised concerns regarding the integrity of DeFi protocols. Market risks can occur through lowered investors' confidence following such incidents as identity thefts, thus volatility. The current situation with the TAP token's extreme depreciation is another sad tale of investing in digital assets, especially when scammers use phishing and social engineering attacks.