Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Tapioca DAO experienced a significant security breach, with attackers obtaining relevant private keys through social engineering attacks and stealing approximately $4.7 million in cryptocurrency. On October 25, Tapioca DAO released an incident analysis report stating that the security breach occurred because attackers successfully compromised the private keys of a core contributor responsible for smart contract development. SEAL911 confirmed that the attackers were part of a North Korean hacking group that used a contagious interview attack method to inject malware onto the contributor's computer, thereby gaining access to the private keys of their address to carry out the theft. Attack method (per SlowMist): Malware Attack. Reported loss: $ 4,700,000.
- chain
- —
- protocol
- Tapioca DAO
- bug_class
- private-key
- date_occurred
- 2024-10-18
- loss_usd
- $4,700,000
- source_id
- sm:tapioca-dao::2024-10-18