Suspicion of North Korean links due to alleged $5 million violation of Tapioca DAO
Tapioca DAO, LayerZero’s decentralized money market protocol, suffered a security breach on October 18, causing the native TAP token to lose more than 90% of its value.
Blockchain security company Cyvers revealed that the protocol’s distributor address had been compromised, resulting in an unauthorized change of ownership of the vesting contract.
attack
Attackers exploited this vulnerability to use the emergency rescue function to withdraw over 21 million TAP tokens. The token was then exchanged for 591 ETH, which caused TAP to crash by 93%.
Further investigation revealed that the attackers used Stargate to link some of the stolen assets to the BNB chain. As of press time, the suspicious address holds approximately $4.7 million worth of BSC-USD and USDC on the BNB chain.
Cybers estimates total losses from the breach to be approximately $16.9 million. However, Web3 security auditor Hacken suggested this figure could be as high as $38 million.
In the aftermath of the attack, Hacken warned users about phishing attempts. Malicious users have been known to spread fake links promising refunds and urging users to cancel their accounts.
The security company warned:
“We discovered a fake account impersonating Tapioca_dao posting phishing links under this thread. Do not interact with suspicious links or messages claiming to be from Tapioca. Always be alert and protect your assets.”
Tapioca DAO, which is building DeFi money markets and stablecoins on Layer Zero’s cross-chain infrastructure, has not yet issued a public statement on the breach as of press time.
North Korea connection
On-chain investigator ZachXBT speculated that the Tapioca DAO hack could be linked to malware downloaded by team members.
He noted that this attack may be related to a series of recent hacks targeting projects such as Nexera, Concentric, Masa, SpaceCatch, Reach, Serenity Shield, and MurAll.
ZachXBT notes that these attacks are part of a larger operation involving fake job scams and are potentially linked to state-sponsored threat actors in North Korea. However, as of press time, there is no conclusive evidence linking the tapioca leak to North Korea.