North Korea is suspected to be involved in a recent security breach of Tapioca DAO, a decentralized money market protocol on LayerZero. The breach occurred on October 18, causing the native TAP token to plummet by over 90%. Blockchain security firm Cyvers discovered that the protocol’s deployer address was compromised, allowing the attacker to make unauthorized changes to the vesting contract’s ownership.
With ownership of the vesting contract under their control, the attacker withdrew more than 21 million TAP tokens using an emergency rescue function. These tokens were then exchanged for 591 ETH, leading to a 93% crash in TAP’s value. Further investigation revealed that the attacker used Stargate to transfer some of the stolen assets to BNB Chain. Currently, the suspicious address holds around $4.7 million worth of BSC-USD and USDC on BNB Chain.
Cyvers estimated the total losses from the breach to be approximately $16.9 million, while Hacken suggested it could be as high as $38 million. Following the attack, Hacken warned users about phishing attempts, with malicious actors spreading fake links promising refunds and urging users to revoke their accounts.
Tapioca DAO, focused on developing a DeFi money market and stablecoin on LayerZero’s cross-chain infrastructure, has not issued a public statement regarding the breach at this time. On-chain investigator ZachXBT speculated that the hack may be linked to malware downloaded by a team member and could be part of a larger operation targeting projects such as Nexera, Concentric, Masa, SpaceCatch, Reach, Serenity Shield, and MurAll. ZachXBT also mentioned the possibility that state-sponsored threat actors from North Korea were involved in these attacks, although there is no concrete evidence connecting the Tapioca breach to North Korea as of now.