Tapioca Hacked for $4.5 Million, Token Price Drops 98%
The Tapioca market maker solution was hacked, resulting in a large loss of assets and a serious impact on the token price.
On the afternoon of October 19, the Tapioca project was hacked by an attacker who took control of the TAP token unlock contract. The hacker took 30 million TAP that were expected to be allocated to investors and then dumped them on the market. Because of the heavy selling, the TAP price dropped from $1.4 to $0.04, causing the value of the stolen tokens to drop from $43.8 million to less than $3 million.
The hacker did not stop there: they also attacked the USDO stablecoin contract to mint an unlimited amount of USDO and then withdrew funds from the USDO/USDC pool.
In total, the damage from the incident was 591 ETH and $2.8 million, worth a total of $4.5 million.
Tapioca's TAP token price movement over the past 7 days, screenshot from CoinMarketCap at 09:15 AM on 10/19/2024
The project has advised users to revoke wallet access to Tapioca's smart contracts until the incident is resolved.
Tapioca claims to be working with Web3 security organizations to trace the flow of funds and recover assets. The project also does not rule out reissuing new TAP tokens to remedy the consequences.
On-chain data shows that Tapioca has moved 1,000 ETH, worth over $2.6 million, to a new wallet for protection. A representative of security firm Fuzzland told The Block that Tapioca's fund still holds $4.2 million in assets.
According to on-chain detective ZachXBT, the attack may have originated from the project team accidentally clicking on a malicious link, thereby exposing the private key to the attacker. ZachXBT also pointed out that the Tapioca incident is related to a series of recent similar attacks on Nexera, Concentric, Masa, SpaceCatch, Reach, Serenity Shield, MurAll, etc.
ZachXBT also did not rule out the possibility that the culprits behind the incident were North Korean hackers, who often use fake identities to apply for jobs at cryptocurrency projects and then infiltrate them from within or send malicious links to take over smart contracts, as pointed out by CoinDesk in a recent investigative report.