Tapioca Foundation Proposes 1 Million Reward for Hacker Following 47 Million Breach

2024-10-2112 Views

After a DeFi protocol called Tapioca DAO suffered a $4.7 million exploit, the developers have decided to offer a $1 million bounty to the attacker if they return the remaining funds. On October 20, the Tapioca Foundation sent a message on-chain to the attacker’s wallet, giving them the opportunity to walk away with the bounty without facing any legal consequences if they return the funds. The foundation is offering $1 million USDT in exchange for the remaining $3.7 million, and the attacker has until October 22 at 4 pm UTC to accept the offer. As of now, the hacker has not responded to the bounty, and the protocol has temporarily suspended operations, advising users not to interact with any Tapioca contracts.

The attack on the DeFi protocol occurred on October 18 when one of the co-founders, known as “Rektora,” fell victim to a social engineering attack. This type of attack involves tricking victims into revealing sensitive information or downloading malicious software or clicking on phishing links. Rektora was deceived into downloading malicious software, which allowed the attackers to gain control over the vesting contract for the protocol’s native TAP token. As a result, they were able to withdraw 30 million vested TAP tokens, valued at $1.40 at the time but now worth only $0.01 due to the exploit. Additionally, the attackers also gained control over the USDO stablecoin contract.

In total, the attacker managed to steal approximately $4.4 million, including $2.8 million in USDC and $1.57 million in ETH from the USDO/USDC liquidity pool. The stolen funds were quickly converted into ETH, then USDT, and finally transferred from Arbitrum to the BNB Chain, where they currently remain. However, Matt Marino, a co-founder of Tapioca, claimed to have “hacked” the attacker and recovered 1,000 ETH.

In the past, there have been instances where bounty offers failed to lead to the recovery of stolen funds. For example, crypto exchange WazirX launched a $11.5 million bounty program after losing over $234 million worth of various cryptocurrencies, but the stolen funds have not been recovered, as the attackers have been laundering the loot through platforms like Tornado Cash.

It is worth noting that last year, the DeFi lending protocol Euler Finance successfully recovered over 58,000 ETH that had been stolen in a flash loan attack. The protocol sent an on-chain message demanding the return of the funds and threatened to offer a $1 million reward for any information that could lead to the identification of the attacker if the funds were not returned.

In conclusion, the Tapioca DAO protocol is offering a substantial bounty to the attacker in hopes of recovering the remaining funds. However, it remains uncertain whether the attacker will accept the offer and return the stolen funds.

You May Also Like

Leave a Reply Cancel reply