Key Points:

• Tapioca DAO suffered a security breach on October 18, resulting in the theft of approximately $4.5 million in cryptocurrencies.
• The team is considering reissuing a new TAP token to mitigate the impact of the Tapioca DAO attack.

Tapioca DAO is a decentralized money market protocol created on LayerZero, which faced a significant security breach on October 18 and saw an estimated theft of approximately $4.5 million in various cryptocurrencies.

Read more: Radiant: What’s So Special About Arbitrum’s Full-chain Lending Marketplace?

Tapioca DAO Attack Took Place Due to Security Vulnerability

The Tapioca DAO attack made the value of the native token TAP sink below less than 10% of its value. According to blockchain security firm Cyvers, the breach came from a protocol deployer address compromise.

After access was obtained, the attacker changed the ownership of the vesting contract, enabling him to sell off 30 million vested TAP tokens. Those tokens, which were once valued for approximately $1.40 each, are less than $0.04 now. If that wasn't enough, the attacker even went ahead to target the USDO stablecoin contract to amplify the financial damage.

In total, the attacker has siphoned some $4,405,600 comprising: $2.8 million in USDC and $1,575,606 drained from USDO/USDC liquidity pool. These stolen proceeds of the Tapioca DAO attack were first converted to ETH and then to USDT and bridged from Arbitrum to BNB Chain, where they remain at the time of writing.

The Tapioca DAO team has wasted no time in taking immediate action to recover the lost funds. Thus far, they have managed to transfer 1,000 ETH from a vault into a multisig wallet. This was part of the collateral for its Big Bang Origins and was an essential step in preventing further losses.

Recovery Actions in Full Play as Team Cooperates with Security Experts

Preliminary investigations into the Tapioca DAO attack suggest that this could have been the result of a phishing link that the project team inadvertently interacted with, exposing their private keys. Interestingly, on-chain detective ZachXBT pointed at North Korean hackers, given their penchant for such tactics to infiltrate cryptocurrency projects.

All that being said, Tapioca DAO has cooperated with the likes of Web3 security companies for tracing the flow of stolen funds in recovering its assets. Conjecturally, reissuing a new TAP token was a consideration to mitigate the aftermath of this breach.

Several other DeFi protocols have lost to similar phishing attacks of late, including the likes of Radiant Finance, which had more than $50 million go up in smoke in a separate breach.