Tapioca Foundation has announced a $1 million bounty for the hacker who stole $4.7 million from their DeFi protocol. The offer aims to incentivize the return of the remaining $3.7 million.
Attack on Tapioca Foundation
The incident occurred on October 18. The hacker executed a breach using social engineering, stealing 591 ETH and $2.8 million in USD Coin (USDC). The attacker exploited the vesting contract for Tapioca DAO Token (TAP) and the USDO stablecoin, gaining control of the assets and draining liquidity pools.
Efforts to Recover Funds
The foundation believes the attack was initiated through a phishing scheme targeting one of its co-founders. According to co-founder Matt Marino, a fellow co-founder known as 'Rektora' downloaded malicious software, allowing the attacker to replace a legitimate transaction with a malicious one. Subsequently, the hacker withdrew approximately 30 million TAP tokens, swapped them for $1.5 million worth of ETH, and converted it into USDT.
Tapioca Foundation's Response
The Tapioca team managed to recover 1,000 ETH, worth over $2.7 million, from the collateral backing the USDO stablecoin. While this recovery is a partial success, the TAP token's value has plummeted since the attack. The bounty offer remains open, although the attacker’s intentions are still unclear.
The $1 million bounty offered by the Tapioca Foundation highlights the seriousness of the incident and their commitment to recovering the stolen funds. This case further underscores the risks associated with DeFi protocols.