North Korea links suspected in $5 million breach of Tapioca DAO

Tapioca DAO, a decentralized money market protocol on LayerZero, suffered a security breach on Oct. 18, causing its native TAP token to lose more than 90% of its value.

Blockchain security firm Cyvers revealed that the protocol‘s deployer address was compromised, resulting in unauthorized changes to the vesting contract’s ownership.

The attack

The attacker exploited the vulnerability to withdraw more than 21 million TAP tokens using an emergency rescue function. The tokens were then swapped for 591 ETH, which caused TAP to crash 93%.

Further investigation revealed that the attacker used Stargate to bridge some of the stolen assets to BNB Chain. As of press time, the suspicious address holds roughly $4.7 million worth of BSC-USD and USDC on the BNB Chain.

Cyvers estimates the total losses from the breach to be approximately $16.9 million. However, Web3 security auditor Hacken suggested the figure could be as high as $38 million.

In the aftermath of the attack, Hacken warned users of phishing attempts. Malicious actors are reportedly spreading fake links that promise refunds while urging users to revoke their accounts.

The security firm warned:

“Weve noticed fake accounts impersonating Tapioca_dao posting phishing links under this thread. Please do not interact with any suspicious links or messages claiming to be from Tapioca. Stay vigilant and protect your assets.”

Tapioca DAO, which is building a DeFi money market and stablecoin on Layer Zeros cross-chain infrastructure, has yet to issue a public statement regarding the breach as of press time.

North Korea connection

On-chain investigator ZachXBT speculated that the Tapioca DAO hack could be linked to malware downloaded by a team member.

He pointed out that this exploit may be related to a series of recent hacks targeting projects like Nexera, Concentric, Masa, SpaceCatch, Reach, Serenity Shield, and MurAll.

ZachXBT pointed out that these attacks are part of a larger operation involving fake job scams, potentially connected to state-sponsored threat actors from North Korea. However, there is no conclusive evidence linking the Tapioca breach to North Korea as of press time.