Tapioca DAO 遭受大规模攻击，导致 TAP 代币价格下跌 95%

Tapioca DAO 遭受大规模攻击，导致 TAP 代币价格下跌超过 95%。价值约 450 万美元的加密货币被盗

The Tapioca DAO suffered a huge exploit, leading to a more than 95% drop in the TAP token price. Around $4.5 million in cryptocurrencies were stolen, although the team says it is recovering funds with help from web3 security firm Fuzzland and others.

Tapioca DAO 遭受了巨大的攻击，导致 TAP 代币价格下跌了 95% 以上。尽管该团队表示正在 web3 安全公司 Fuzzland 和其他公司的帮助下追回资金，但大约 450 万美元的加密货币被盗。

"All current Tapioca DAO Platform users are advised to revoke approvals to our Contracts until the recent Compromise has been resolved,” the Tapioca Foundation said on X. “Please reach out to website support upon any issues revoking approvals."

Tapioca 基金会在 X 上表示：“建议所有当前的 Tapioca DAO 平台用户撤销对我们合同的批准，直到最近的妥协得到解决。”“如果出现任何撤销批准的问题，请联系网站支持。”

According to the foundation, the attacker was able to compromise the token’s vesting contract, giving him access to sell its 30 million vested TAP tokens — at the time worth around $1.40, now less than $0.04 — as well as the USDO stablecoin contract.

据该基金会称，攻击者能够破坏该代币的归属合约，使他能够出售其 3000 万个归属的 TAP 代币（当时价值约为 1.40 美元，现在不到 0.04 美元）以及 USDO 稳定币合约。

In total, the attacker walked away with about $4,405,600, including $2.8 million USDC and $​​1,575,606 in ETH drained from the USDO/USDC liquidity pair. The stolen funds were swapped for ETH, then USDT, and then bridged from Arbitrum to BNB Chain, where they remained at press time.

攻击者总共带走了约 4,405,600 美元，其中包括从 USDO/USDC 流动性对中流失的 280 万美元 USDC 和 1,575,606 美元的 ETH。被盗资金被交换为 ETH，然后是 USDT，然后从 Arbitrum 桥接至 BNB 链，截至发稿时仍留在那里。

Tapioca is a decentralized money market protocol built on LayerZero for borrowing cryptocurrencies across multiple blockchains. It uses a stablecoin called USDO and Tapioca Omnichain Fungible Tokens (TOFTs) to allow users to move wrapped assets between networks.

Tapioca 是一种基于 LayerZero 的去中心化货币市场协议，用于跨多个区块链借用加密货币。它使用名为 USDO 的稳定币和 Tapioca Omnichain Fungible Tokens (TOFT) 来允许用户在网络之间移动打包资产。

According to Fuzzland, it seems likely the attacker obtained the private keys through social engineering. On Discord, Tapioca co-founder Matt Marino said Discord member 0xRektora was contacted about a friend being hired, which tricked him into lowering his guard enough to connect the hardware wallet that the attacker used to gain ownership of TAP.

根据 Fuzzland 的说法，攻击者很可能通过社会工程获得了私钥。 Tapioca 联合创始人马特·马里诺 (Matt Marino) 在 Discord 上表示，Discord 成员 0xRektora 因一位朋友被聘用而与他联系，这诱使他放松警惕，连接攻击者用来获取 TAP 所有权的硬件钱包。

“North Korea is always the garbage collector here,” Fuzzland said, adding that the connection to the Hermit Kingdom has not yet been proven and that the situation is “complicated.”

法兹兰说：“朝鲜一直是这里的垃圾收集者。”他补充说，与隐士王国的联系尚未得到证实，而且情况“很复杂”。

Those attacks “were the result of fake job scams” where North Korean actors posed as interview subjects or vendors to gain inside access or information needed to steal funds, ZachXBT said. There have been a slew of anecdotes and a recent CoinDesk investigation suggesting this type of “contagious interview” scam is a widespread and growing issue across crypto.

ZachXBT 表示，这些攻击“是虚假工作诈骗的结果”，朝鲜演员冒充采访对象或供应商，以获得内部访问权限或窃取资金所需的信息。有大量轶事和 CoinDesk 最近的一项调查表明，这种类型的“传染性采访”骗局是加密货币领域一个普遍存在且日益严重的问题。

Recovering funds?

收回资金？

“We have coordinated and are active in a war room with the necessary individuals and entities to proceed forward, and will be communicating on further steps when the situation is under control,” the foundation wrote.

该基金会写道：“我们已与必要的个人和实体进行协调，并在作战室中积极开展工作，并将在局势得到控制后就进一步措施进行沟通。”

Tony, a security engineer at Fuzzland and member of the volunteer emergency response team SEAL911, was one of the members in the war room, which worked to help them recover a portion of the funds that the hacker didn't notice, he told The Block.

托尼是 Fuzzland 的安全工程师，也是志愿者紧急响应小组 SEAL911 的成员，他是作战室的成员之一，该小组致力于帮助他们追回黑客没有注意到的部分资金，他告诉 The Block 。

According to Marino on Discord, the organization moved 1,000 ETH — worth about $2.7 million — from a vault to a secure location — the DAO multisig. "The 1000 ETH was DAO collateral within Big Bang Origins to mint USDO for USDO/USDC LP," he added.

根据 Marino 在 Discord 上的说法，该组织将 1,000 个 ETH（价值约 270 万美元）从金库转移到一个安全位置——DAO 多重签名。 “这 1000 个 ETH 是 Big Bang Origins 中的 DAO 抵押品，用于为 USDO/USDC LP 铸造 USDO，”他补充道。

"The team attempted to rescue these assets by first approving the Multicall, which anyone can take away these assets. Luckily, no one found out and they managed to still rescue these assets," Fuzzland co-founder Chaofan Shou told The Block.

“团队试图通过首先批准 Multicall 来拯救这些资产，任何人都可以拿走这些资产。幸运的是，没有人发现，他们仍然成功地拯救了这些资产，”Fuzzland 联合创始人 Chaofan Shou 告诉 The Block。

However, the response team has not yet been able to fully recover any of the stolen assets. The DAO’s treasury currently stands at $4.2 million, Marino said.

然而，响应小组尚未能够完全追回任何被盗资产。 Marino 表示，DAO 的财务状况目前为 420 万美元。