Tapioca Foundation Offers $1M Bounty for DeFi Protocol Attacker

crypto scam DeFi
The $1 million bounty is considerably higher than the typical 10% bounty offered in such cases.
Last updated:
Author
Author
Ruholamin Haqshanas
About Author

Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto...

Last updated:
Why Trust Cryptonews
For over a decade, Cryptonews has covered the cryptocurrency industry, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships.

The Tapioca Foundation has extended a $1 million bounty to the attacker responsible for stealing $4.7 million from its decentralized finance (DeFi) protocol.

The foundation described the incident as a “social engineering attack,” which led to the significant loss.

In an on-chain message sent on October 20, Tapioca addressed the attacker directly, offering a settlement that would allow the attacker to walk away with $1 million in Tether (USDT), no strings attached.

Tapioca Requests Return of Remaining $3.7M

The $1 million bounty is considerably higher than the typical 10% bounty offered in such cases.

In exchange, the foundation requested the return of the remaining $3.7 million.

The attack, which took place on October 18, involved the theft of 591 Ether (ETH) and $2.8 million in USD Coin (USDC).

According to Tapioca, the attacker exploited a vulnerability in the vesting contract for its TAP token and the UDSO stablecoin.

The attacker managed to claim and sell vested TAP tokens and then manipulated the USDO stablecoin by adding a minter to create an infinite supply, draining a liquidity pool of USDO and USDC.

Tapioca co-founder Matt Marino revealed more details in a message on the project’s Discord channel.

He explained that his fellow co-founder, pseudonymously known as “Rektora,” had been phished during an interview process.

Rektora inadvertently downloaded malicious software that altered a transaction, giving the attacker access to critical contracts.

In a surprising twist, Marino later announced that Tapioca had managed to “hack the hacker” and recover 1,000 ETH, worth more than $2.7 million, which had been collateral backing the USDO stablecoin in a liquidity pool.

Despite the recovery of some funds, the attack caused significant damage to the TAP token’s value.

Prior to the incident, TAP was trading at around $1.40. Following the attack, it plummeted to just 2 cents, according to CoinGecko.

The attacker’s wallet still holds funds on the BNB Chain, but it remains to be seen whether they will return the remaining stolen assets.

Crypto Users Lose $46M to Phishing Scams in September

Phishing attacks remain a major issue for crypto users, resulting in substantial losses.

In September alone, more than 10,000 individuals lost over $46 million to such scams, as reported by Scam Sniffer, a Web3 anti-scam platform.

The platform revealed that 10,805 victims suffered losses amounting to $46.7 million from various crypto phishing scams last month.

Just recently, it was revealed that cybersecurity scammers are using automated email replies to compromise systems and deliver stealthy crypto mining malware.

This comes on the heels of another malware threat identified in August.

The “Cthulhu Stealer,” which affects MacOS systems, similarly disguises itself as legitimate software and targets personal information, including MetaMask passwords, IP addresses, and cold wallet private keys.

In another instance, a fraudulent crypto wallet app on Google Play has stolen $70,000 from users in a sophisticated scam that has been described as a world-first for targeting mobile users exclusively.

The malicious app, named WalletConnect, mimicked the reputable WalletConnect protocol but was, in fact, a sophisticated scheme to drain crypto wallets.

More Articles

Altcoin News
Pudgy Penguins to Launch New Token Called PENGU
Tanzeel Akhtar
Tanzeel Akhtar
2024-12-06 08:24:48
Bitcoin News
BlackRock and MARA Holdings Acquire Over 9k Bitcoin Amid Price Dip Below $93k
Ruholamin Haqshanas
Ruholamin Haqshanas
2024-12-06 07:01:45
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors