Tapioca Foundation offers $1m bounty to attacker after $4.7m exploit

After a $4.7 million exploit hit the DeFi protocol Tapioca DAO, the developers have put up a $1 million bounty for the attacker in the event that they return the remaining funds.
On Oct. 20, the Tapioca Foundation sent an on-chain message to the wallets linked to the attacker, offering them an opportunity to legally “stroll away” with the bounty without any legal repercussions if they chose to return the remaining funds to the protocol.
The foundation has offered $1 million USDT if the attacker returns the remaining $3.7 million to the protocol, and has given until Oct. 22, 4 pm UTC to accept the offer.
At the time of writing, the hacker has not responded to the bounty, while the protocol has suspended operations and urged users not to interact with any Tapioca contracts.
What happened?
The DeFi protocol was targeted on Oct. 18 after its pseudonymous co-founder “Rektora” fell victim to an alleged social engineering attack. Such attacks rely on tricking victims into revealing sensitive information or misleading them into downloading malicious software or clicking on phishing links.
According to Tapioca co-founder Matt Marino, Rektora was tricked into downloading malicious software, which allowed the attackers to compromise the ownership of the vesting contract for the protocol’s native TAP token.
This allowed them to withdraw 30 million vested TAP tokens, worth around $1.40 at the time but now valued at $0.01 following the exploit. In addition, the attackers gained control over the USDO stablecoin contract.
In total, the attacker made off with roughly $4.4 million, including $2.8 million in USDC and $1.57 million in ETH, drained from the USDO/USDC liquidity pool. The stolen funds were quickly swapped for ETH, then USDT, and eventually bridged from Arbitrum to the BNB Chain, where they currently remain.
Marino allegedly “hacked” the attacker and managed to recover 1,000 ETH, per an Oct. 19 update on the project’s Discord.
Last year, DeFi lending protocol Euler Finance successfully recovered over 58,000 ETH stolen in a flash loan attack. At the time, the protocol sent an on-chain message demanding the return of the funds, and threatening to offer a $1 million reward for information leading to the attacker’s identification if the funds weren’t returned.
However, not all bounty offers lead to the recovery of stolen funds. For example, crypto exchange WazirX launched a bounty program for $11.5 million after it lost over $234 million worth of multiple cryptocurrencies.
Despite the reward offer, the stolen funds remain unrecovered, with attackers laundering significant amounts of the loot through platforms like Tornado Cash.