You are currently viewing North Korea links suspected in $5 million breach of Tapioca DAO

Tapioca DAO, a decentralized money market protocol on LayerZero, has suffered a security breach that crashed its native TAP token by more than 90%.

On Oct. 18, blockchain security firm Cyvers revealed that the protocol’s deployer address was compromised, resulting in unauthorized changes to the vesting contract’s ownership.

The attack

The attacker exploited this vulnerability to withdraw more than 21 million TAP tokens using an emergency rescue function. The tokens were then swapped for 591 ETH, which caused TAP to plummet by 93%.

Further investigation revealed that the attacker used Stargate to bridge some of the stolen assets to the BNB Chain. At the time of writing, the suspicious address holds roughly $4.7 million worth of BSC-USD and USDC on the BNB Chain.

Meanwhile, Cyvers estimates the total losses from the breach to be approximately $16.9 million. However, Web3 security auditor Hacken suggested the figure could be as high as $38 million.

In the aftermath of the attack, Hacken warned users of phishing attempts. Malicious actors are reportedly spreading fake links that promise refunds while urging users to revoke their accounts.

The security firm warned:

“We’ve noticed fake accounts impersonating Tapioca_dao posting phishing links under this thread. Please do not interact with any suspicious links or messages claiming to be from Tapioca. Stay vigilant and protect your assets.”

Tapioca DAO, which is focused on building a DeFi money market and stablecoin on Layer Zero’s cross-chain infrastructure, has yet to issue a public statement regarding the breach as of press time.

North Korea connection

On Telegram, on-chain investigator ZachXBT speculated that the Tapioca DAO hack could be linked to malware downloaded by a team member.

He pointed out that this exploit may be related to a series of recent hacks targeting projects like Nexera, Concentric, Masa, SpaceCatch, Reach, Serenity Shield, and MurAll.

ZachXBT pointed out that these attacks are part of a larger operation involving fake job scams, potentially connected to state-sponsored threat actors from North Korea. However, there is no conclusive evidence linking the Tapioca breach to North Korea as of press time.

The post North Korea links suspected in $5 million breach of Tapioca DAO appeared first on CryptoSlate.