Suspected North Korea Links in $5 Million Tapioca DAO Breach

Oct 20, 2024 - 11:00

The decentralized finance (DeFi) protocol Tapioca DAO was targeted in a significant security breach on October 18, leading to severe financial losses and the collapse of its native TAP token. The attack, which is believed to have resulted in the loss of millions, has raised suspicions of links to North Korean cyber actors, though no direct evidence has confirmed these claims.

Details of the Breach

Tapioca DAO, a decentralized money market operating on LayerZero, saw its TAP token lose over 90% of its value after the breach. According to blockchain security firm Cyvers, the protocol's deployer address was compromised, allowing the attacker to make unauthorized modifications to the ownership of the vesting contract.

With control of the vesting contract, the attacker used an emergency function within the system to withdraw over 21 million TAP tokens. The stolen tokens were then swapped for 591 ETH, causing the TAP token's price to plummet by 93%. The attacker moved some of the stolen assets via the Stargate bridge to the BNB Chain, where the suspicious address currently holds approximately $4.7 million in BSC-USD and USDC.
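The sequence reported above (an ownership change on the vesting contract followed by an emergency withdrawal) is one a protocol team can alert on. The following monitoring logic is an added example, not code from Tapioca DAO, Cyvers or Hacken; the event names, contract labels, addresses, owner allowlist and block window are all assumptions, and the event log is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    block: int
    contract: str
    name: str      # hypothetical event names, not Tapioca DAO's ABI
    args: dict

# Assumption: the team keeps an allowlist of legitimate owners per contract.
APPROVED_OWNERS = {"vesting": {"0xDEPLOYER"}, "staking": {"0xDEPLOYER", "0xMULTISIG"}}
WINDOW_BLOCKS = 300  # assumed correlation window

# Constructed sample log; addresses are placeholders, not real on-chain values.
EVENTS = [
    Event(100, "staking", "OwnershipTransferred", {"new_owner": "0xMULTISIG"}),
    Event(4000, "staking", "EmergencyWithdraw", {"to": "0xMULTISIG", "amount": 10}),
    Event(5000, "vesting", "OwnershipTransferred", {"new_owner": "0xUNKNOWN"}),
    Event(5004, "vesting", "EmergencyWithdraw", {"to": "0xUNKNOWN", "amount": 21_000_000}),
]

def detect(events, approved=APPROVED_OWNERS, window=WINDOW_BLOCKS):
    """Return (severity, block, message) alerts for risky owner changes."""
    alerts = []
    unapproved = {}  # contract -> (block, new_owner) of last unapproved transfer
    for ev in sorted(events, key=lambda e: e.block):
        if ev.name == "OwnershipTransferred":
            owner = ev.args["new_owner"]
            if owner in approved.get(ev.contract, set()):
                unapproved.pop(ev.contract, None)  # back under a known owner
                continue
            unapproved[ev.contract] = (ev.block, owner)
            alerts.append(("HIGH", ev.block,
                           f"{ev.contract}: ownership moved to unapproved {owner}"))
        elif ev.name == "EmergencyWithdraw" and ev.contract in unapproved:
            changed_at, owner = unapproved[ev.contract]
            if ev.block - changed_at <= window:
                alerts.append(("CRITICAL", ev.block,
                               f"{ev.contract}: emergency withdrawal of {ev.args['amount']} "
                               f"{ev.block - changed_at} blocks after owner became {owner}"))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert)
```

The ownership change alone raises the first alert, which gives responders a chance to act before any withdrawal follows.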

Initial estimates by Cyvers put the total losses from the breach at around $16.9 million, though Web3 security auditor Hacken suggests the true figure could be closer to $38 million.

Phishing Warnings in Aftermath

In the wake of the attack, Hacken has cautioned users about phishing attempts. Scammers are reportedly spreading fake refund links to trick victims into sharing sensitive account information or revoking access to their wallets. Users have been urged to be cautious of any unsolicited links or requests related to the breach.

Possible North Korea Connection

On-chain investigator ZachXBT has speculated that the Tapioca DAO hack may be linked to a malware infection on a team member’s device. He believes this incident is part of a broader wave of attacks targeting multiple blockchain projects, including Nexera, Concentric, Masa, and several others. These attacks are believed to be connected to fake job scams orchestrated by state-sponsored groups, potentially from North Korea.

However, as of now, no definitive proof has emerged to confirm a direct link between the Tapioca DAO breach and North Korean actors.

Despite the severity of the breach, Tapioca DAO has not yet released an official statement. The investigation into the incident is ongoing, with further details expected to emerge.
