Tapioca Foundation revealed the breach in an on-chain message on October 20, directly addressing the attacker. The message contained an appealing offer: “We would like to offer you an attractive bounty settlement where you would walk away with funds that are fully legally yours, no strings attached.” The proposed $1 million in Tether (USDT) is considerably higher than the typical 10% bounty, with the expectation that the attacker will return the remaining $3.7 million.
The attack involved the theft of 591 ETH and $2.8 million in USD Coin (USDC), according to Tapioca’s October 18 X post. The breach targeted the vesting contract for the Tapioca DAO Token (TAP) and the USDO stablecoin. The hacker gained access to the vested TAP tokens and exploited the contract to mint an infinite amount of USDO, which was then used to drain liquidity pools containing USDO and USDC.
Matt Marino, co-founder of Tapioca, provided more insight on the incident in the project’s Discord on October 19. He explained that a fellow co-founder, pseudonymously known as “Rektora,” fell victim to a phishing attack during a job interview. Marino stated that Rektora unknowingly downloaded malicious software, allowing attackers to alter transactions and take control of key contracts.
However, the team managed to recover part of the stolen assets. Marino later announced that Tapioca had “hacked the hacker” and retrieved 1,000 ETH, valued at over $2.7 million. This amount had been used as collateral for the USDO stablecoin in a liquidity pool.
Tap Token Drops Sharply Following the $4.7M AttackDespite the partial recovery, the attack has caused severe damage to the value of the TAP token. Following the breach, nearly 30 million TAP tokens were withdrawn from the vesting contract and swapped for approximately $1.5 million in ETH. The attacker then converted the ETH into USDT and transferred it to the BNB Chain, where the funds remain as per on-chain records.
The TAP token, which was trading at around $1.40 before the attack, has plummeted in value, now hovering at just $0.015. Source: Brave New Coin market cap table
The Tapioca Foundation hacking incident raises questions about the security of DeFi protocols. And not just protocols, but in general, every crypto project. The crypto community has suffered multiple frauds and hacks in the past four months.
Crypto Influencer Faces Scam AllegationsPopular crypto influencer Jaypeg has been accused of scamming the team behind the “Uptober” meme coin in a promotional deal gone wrong. According to the Uptober team, Jaypeg agreed to promote their meme coin in exchange for 2% of the token supply, valued at $2,200. After receiving the tokens, the influencer allegedly sold them and denied receiving any funds. Jaypeg also reportedly deleted the wallet address provided in the project’s Telegram group, claiming it was random and did not belong to him.
Seeking clarity, the Uptober team enlisted blockchain investigator ZackXBT, who found evidence linking the wallet to Jaypeg. The same address was used to claim airdrops from the Solana Saga smartphone shortly after Jaypeg posted a video about the device in January 2024. Despite the evidence, Jaypeg maintained that the wallet address was unrelated and accused the Uptober team of trying to blackmail him. In a public apology, he claimed to have donated the funds to charity, though no further details were provided. The controversy has surfaced amid growing interest in meme coins, with analyst Murad Mahmudov predicting a potential “meme coin supercycle.”
