Decentralized Money Market Protocol Loses $4.3M in Social Engineering Attack

Stolen Funds Moved to BNB Chain

Tapioca DAO, a decentralized money market protocol built on Layerzero, confirmed on Oct. 18 that it had fallen victim to a social engineering attack. The incident allowed attackers to compromise the ownership of the TAP token vesting contract, enabling them to sell 30 million vested tokens.

Blockchain security firm Cyvers first reported suspicious transactions involving Tapioca DAO hours earlier. According to Cyvers, the attacker withdrew over 21 million $TAP tokens using emergency rescue, swapped them for 591 ETH, and then bridged the funds to the BNB Chain.

Cyvers estimated the attacker’s BNB holdings at around $4.7 million in BSC-USD and USDC. However, Tapioca DAO reported losses of 591 ETH and 2.8 million USDC. In a statement on X, the protocol said it is taking steps to address the issue.

“We have coordinated and are active in a war room with the necessary individuals and entities to proceed forward, and will be communicating on further steps when the situation is under control,” Tapioca DAO said in the statement.

The statement cautioned users against interacting with any Tapioca contracts or tokens until further information becomes available.

Meanwhile, in another statement issued a few hours after the incident, Tapioca DAO advised users to consider the official announcement, post-mortem, and TAP token migration plan as the only reliable sources of information regarding the incidents. The statement warned users to disregard any other claims as misinformation.

What are your thoughts on this story? Share your opinion in the comments section below.