Tapioca DAO 遭受大規模攻擊，導致 TAP 代幣價格下跌 95%

Tapioca DAO 遭受大規模攻擊，導致 TAP 代幣價格下跌超過 95%。價值約 450 萬美元的加密貨幣被盜

The Tapioca DAO suffered a huge exploit, leading to a more than 95% drop in the TAP token price. Around $4.5 million in cryptocurrencies were stolen, although the team says it is recovering funds with help from web3 security firm Fuzzland and others.

Tapioca DAO 遭受了巨大的攻擊，導致 TAP 代幣價格下跌了 95% 以上。儘管該團隊表示正在 web3 安全公司 Fuzzland 和其他公司的幫助下追回資金，但約 450 萬美元的加密貨幣被盜。

"All current Tapioca DAO Platform users are advised to revoke approvals to our Contracts until the recent Compromise has been resolved,” the Tapioca Foundation said on X. “Please reach out to website support upon any issues revoking approvals."

Tapioca 基金會在 X 上表示：“建議所有當前的 Tapioca DAO 平台用戶撤銷對我們合約的批准，直到最近的妥協得到解決。”“如果出現任何撤銷批准的問題，請聯繫網站支持。”

According to the foundation, the attacker was able to compromise the token’s vesting contract, giving him access to sell its 30 million vested TAP tokens — at the time worth around $1.40, now less than $0.04 — as well as the USDO stablecoin contract.

據該基金會稱，攻擊者能夠破壞該代幣的歸屬合約，使他能夠出售其 3000 萬個歸屬的 TAP 代幣（當時價值約為 1.40 美元，現在不到 0.04 美元）以及 USDO 穩定幣合約。

In total, the attacker walked away with about $4,405,600, including $2.8 million USDC and $​​1,575,606 in ETH drained from the USDO/USDC liquidity pair. The stolen funds were swapped for ETH, then USDT, and then bridged from Arbitrum to BNB Chain, where they remained at press time.

攻擊者總共帶走了約 4,405,600 美元，其中包括從 USDO/USDC 流動性對中流失的 280 萬美元 USDC 和 1,575,606 美元的 ETH。被盜資金被交換為 ETH，然後是 USDT，然後從 Arbitrum 橋接至 BNB 鏈，截至發稿時仍留在那裡。

Tapioca is a decentralized money market protocol built on LayerZero for borrowing cryptocurrencies across multiple blockchains. It uses a stablecoin called USDO and Tapioca Omnichain Fungible Tokens (TOFTs) to allow users to move wrapped assets between networks.

Tapioca 是一種基於 LayerZero 的去中心化貨幣市場協議，用於跨多個區塊鏈借用加密貨幣。它使用名為 USDO 的穩定幣和 Tapioca Omnichain Fungible Tokens (TOFT) 來允許用戶在網路之間移動打包資產。

According to Fuzzland, it seems likely the attacker obtained the private keys through social engineering. On Discord, Tapioca co-founder Matt Marino said Discord member 0xRektora was contacted about a friend being hired, which tricked him into lowering his guard enough to connect the hardware wallet that the attacker used to gain ownership of TAP.

根據 Fuzzland 的說法，攻擊者很可能透過社會工程獲得了私鑰。 Tapioca 聯合創始人 Matt Marino 在 Discord 上表示，Discord 成員 0xRektora 因一位朋友被聘用而與他聯繫，這誘使他放鬆警惕，連接攻擊者用來獲取 TAP 所有權的硬體錢包。

“North Korea is always the garbage collector here,” Fuzzland said, adding that the connection to the Hermit Kingdom has not yet been proven and that the situation is “complicated.”

法茲蘭說：「北韓一直是這裡的垃圾收集者。」他補充說，與隱士王國的聯繫尚未得到證實，而且情況「很複雜」。

Those attacks “were the result of fake job scams” where North Korean actors posed as interview subjects or vendors to gain inside access or information needed to steal funds, ZachXBT said. There have been a slew of anecdotes and a recent CoinDesk investigation suggesting this type of “contagious interview” scam is a widespread and growing issue across crypto.

ZachXBT 表示，這些攻擊“是虛假工作詐騙的結果”，北韓演員冒充採訪對像或供應商，以獲得內部訪問權限或竊取資金所需的資訊。有大量軼事和 CoinDesk 最近的一項調查表明，這種類型的「傳染性採訪」騙局是加密貨幣領域普遍存在且日益嚴重的問題。

Recovering funds?

收回資金？

“We have coordinated and are active in a war room with the necessary individuals and entities to proceed forward, and will be communicating on further steps when the situation is under control,” the foundation wrote.

基金會寫道：“我們已與必要的個人和實體進行協調，並在作戰室中積極開展工作，並將在局勢得到控制後就進一步的步驟進行溝通。”

Tony, a security engineer at Fuzzland and member of the volunteer emergency response team SEAL911, was one of the members in the war room, which worked to help them recover a portion of the funds that the hacker didn't notice, he told The Block.

托尼是 Fuzzland 的安全工程師，也是志願者緊急應變小組 SEAL911 的成員，他是作戰室的成員之一，該小組致力於幫助他們追回駭客沒有註意到的部分資金，他告訴 The Block 。

According to Marino on Discord, the organization moved 1,000 ETH — worth about $2.7 million — from a vault to a secure location — the DAO multisig. "The 1000 ETH was DAO collateral within Big Bang Origins to mint USDO for USDO/USDC LP," he added.

根據 Marino 在 Discord 上的說法，該組織將 1,000 個 ETH（價值約 270 萬美元）從金庫轉移到一個安全位置——DAO 多重簽名。 「這 1000 個 ETH 是 Big Bang Origins 中的 DAO 抵押品，用於為 USDO/USDC LP 鑄造 USDO，」他補充道。

"The team attempted to rescue these assets by first approving the Multicall, which anyone can take away these assets. Luckily, no one found out and they managed to still rescue these assets," Fuzzland co-founder Chaofan Shou told The Block.

「團隊試圖透過先批准 Multicall 來拯救這些資產，任何人都可以拿走這些資產。幸運的是，沒有人發現，他們仍然成功地拯救了這些資產，」Fuzzland 聯合創始人 Chaofan Shou 告訴 The Block。

However, the response team has not yet been able to fully recover any of the stolen assets. The DAO’s treasury currently stands at $4.2 million, Marino said.

然而，響應小組尚未能夠完全追回任何被盜資產。 Marino 表示，DAO 的財務狀況目前為 420 萬美元。