$1 Million Bounty for DeFi Protocol Attacker Is Offered by Tapioca Foundation

The $1 million bounty is considerably higher than the typical 10% bounty offered in such cases.

The Tapioca Foundation has offered a $1 million reward to the perpetrator of the $4.7 million theft from its decentralized finance (DeFi) protocol.

The foundation described the incident as a “social engineering attack,” which led to the significant loss.

In an on-chain message sent on October 20, Tapioca addressed the attacker directly, offering a settlement that would allow the attacker to walk away with $1 million in Tether (USDT), no strings attached.

Tapioca Requests Return of Remaining $3.7M

The $1 million bounty is significantly more than the usual 10% bounty given in these kinds of situations.

The foundation asked for the remaining $3.7 million to be returned in exchange.

The October 18 attack resulted in the theft of $2.8 million in USD Coin (USDC) and 591 Ether (ETH).

Tapioca claims that the attacker took advantage of a flaw in the vesting contract for both the USDO stablecoin and its TAP token.

After successfully claiming and selling vested TAP tokens, the attacker altered the USDO stablecoin by adding a minter to produce an endless supply, depleting the USDO and USDC liquidity pools.

Further information was disclosed by Tapioca co-founder Matt Marino in a message posted on the project’s Discord channel.

He clarified that his fellow co-founder, going by the alias “Rektora,” had fallen victim to phishing during the interview process.

After unintentionally downloading malicious software, Rektora changed a transaction and gave the attacker access to important contracts.

Surprisingly, Marino then revealed that Tapioca had succeeded in “hacking the hacker” and recovered 1,000 ETH, or over $2.7 million, that had served as collateral in a liquidity pool for the USDO stablecoin.

The attack significantly reduced the value of the TAP token, even though some of the money was recovered.

TAP was trading at about $1.40 just before the incident. According to CoinGecko, it fell to just 2 cents after the attack.

The attacker’s wallet still holds funds on the BNB Chain, but it remains to be seen whether they will return the remaining stolen assets.

Crypto Users Lose $46M to Phishing Scams in September

Phishing attacks, which can cause significant losses, are still a big problem for cryptocurrency users.

According to Scam Sniffer, a Web3 anti-scam platform, over 10,000 people lost over $46 million to these kinds of scams in September alone.

The platform disclosed that 10,805 individuals lost $46.7 million as a result of different cryptocurrency phishing schemes last month.

Just recently, it was revealed that scammers are using automated email replies to compromise systems and deliver stealthy crypto mining malware.

This comes on the heels of another malware threat identified in August.

The “Cthulhu Stealer,” which affects macOS systems, similarly disguises itself as legitimate software and targets personal information, including MetaMask passwords, IP addresses, and cold wallet private keys.

In another instance, a fraudulent crypto wallet app on Google Play has stolen $70,000 from users in a sophisticated scam that has been described as a world-first for targeting mobile users exclusively.

The malicious app, named WalletConnect, mimicked the reputable WalletConnect protocol but was, in fact, a sophisticated scheme to drain crypto wallets.