After a $4.7 million exploit hit the DeFi protocol Tapioca DAO, the developers have put up a $1 million bounty for the attacker if they return the remaining funds.
On Oct. 20, the Tapioca Foundation sent an on-chain message to the wallet linked to the attacker, offering them a chance to legally “walk away” with the bounty without any legal repercussions if they chose to return the remaining funds to the protocol.
The foundation has offered $1 million in USDT if the attacker returns the remaining $3.7 million to the protocol, and has given until Oct. 22, 4 pm UTC to accept the offer.
At the time of writing, the hacker has not responded to the bounty, while the protocol has suspended operations and urged users not to interact with any Tapioca contracts.
What happened?
The DeFi protocol was targeted on Oct. 18 after its pseudonymous co-founder “Rektora” fell victim to an alleged social engineering attack. Such attacks rely on tricking victims into revealing sensitive information or misleading them into downloading malicious software or clicking on phishing links.
According to Tapioca co-founder Matt Marino, Rektora was tricked into downloading malicious software, which allowed the attackers to compromise the ownership of the vesting contract for the protocol’s native TAP token.
This allowed them to withdraw 30 million vested TAP tokens, worth around $1.40 at the time but now valued at $0.01 following the exploit. In addition, the attackers gained control over the USDO stablecoin contract.
In total, the attacker made off with roughly $4.4 million, including $2.8 million in USDC and $1.57 million in ETH, drained from the USDO/USDC liquidity pool. The stolen funds were quickly swapped for ETH, then USDT, and eventually bridged from Arbitrum to the BNB Chain, where they currently remain.
Marino allegedly “hacked” the attacker and managed to recover 1,000 ETH, per an Oct. 19 update on the project’s Discord.
Last year, DeFi lending protocol Euler Finance successfully recovered over 58,000 ETH stolen in a flash loan attack. At the time, the protocol sent an on-chain message demanding the return of the funds and threatening to offer a $1 million reward for information leading to the attacker’s identification if the funds weren’t returned.
However, not all bounty offers lead to the recovery of stolen funds. For instance, crypto exchange WazirX launched a bounty program for $11.5 million after it lost over $234 million worth of multiple cryptocurrencies.
Despite the reward offer, the stolen funds remain unrecovered, with attackers laundering significant amounts of the loot through platforms like Tornado Cash.