Tapioca Foundation Offers $1M Bounty After $4.7M DeFi Heist
The Tapioca Foundation, a cryptocurrency project, has fallen victim to a sophisticated social engineering attack, resulting in the theft of $4.7 million. The attack, which occurred on October 18, 2024, compromised the project’s vesting contract management system, leading to significant losses in Ethereum (ETH) and USD Coin (USDC).
Tapioca DAO has suffered a social engineering attack. This enabled the attacker to compromise the TAP token vesting contract’s ownership which allowed the attacker to claim and sell this 30M vested TAP, which impacted the TAP/ETH DAO owned LP. The attacker then also comprised the…
— Tapioca Foundation (@tapioca_dao) October 18, 2024
According to Matt Marino, co-founder of Tapioca Foundation, the attack stemmed from a phishing scam targeting the project’s other co-founder, who operates under the pseudonym Rektora. During a job interview, Rektora unknowingly downloaded malware, which enabled the hacker to manipulate a legitimate transaction. This allowed the attacker to gain control over the vesting contract management system, granting them access to the project’s smart contracts and substantial funds.
The stolen assets included 591 Ethereum (ETH) and $2.8 million in USD Coin (USDC), both of which were critical to the project’s financial infrastructure. Additionally, the hacker siphoned off 30 million TAP tokens, which they converted into ETH and eventually exchanged for USDT. These funds were later transferred to the BNB Chain network, where they remain unclaimed.
Despite the severity of the breach, the Tapioca Foundation team managed to partially recover some of the stolen funds. Marino confirmed that the team retrieved 1000 ETH, valued at approximately $2.7 million, from the USDO stablecoin’s collateral pool. This quick action helped prevent further financial damage, but a significant portion of the stolen assets is still at large.
In an effort to reclaim the stolen funds, Tapioca Foundation has taken the unusual step of negotiating with the hacker. The company is offering a $1 million bounty in Tether (USDT) if the remaining $3.7 million is returned. This figure is far higher than the industry standard bounty, which usually constitutes 10% of the total stolen funds.
The offer reflects the severity of the incident and the foundation’s urgent need to recover the funds to stabilize its operations. However, whether the hacker will respond to the offer remains unclear.
The incident significantly impacted the value of the TAP token, causing its price to plummet from $1.40 to 2 cents, according to data from the analytics platform CoinGecko.
