Can you hack a hacker? Tapioca DAO’s $2.7m counter exploit says yes

Can you hack a hacker? Tapioca DAO’s $2.7m counter exploit says yes
DeFi
Tapioca DAO takes back $2.7 million from its hacker. Illustration: Gwen P; Source: Shutterstock

A version of this article appeared in our The Decentralised newsletter on October 29. Sign up here.

GM, Tim here.

  • Tapioca DAO takes back $2.7 million from its hacker.
  • Kraken follows Coinbase with Ethereum layer 2 plans.
  • Sky could switch back to being called MakerDAO, founder says.

Hacking a hacker

Tapioca DAO has hit back against its hacker after the fledgling DeFi lending protocol was kneecapped by a $4.7 million exploit.

In a post-mortem report, the protocol revealed it used a counter exploit to take back 996 Ether — worth $2.7 million — that the hacker stole.

“The security team utilised an exploit to recover the ETH from the attacker before he could launder it,” the report said, withholding the specific details of how the counter exploit was conducted.

The move turns Tapioca’s loss from a near wipe-out to a more manageable 45% loss.

The post-mortem also revealed that a North Korean group was behind the attack. The group used a social engineering attack to trick a Tapioca DAO engineer into downloading malware.

In response, Tapioca offered the hacker a $1 million bounty to return the funds by October 22, which has since been revoked.

Join the community to get our latest stories and updates

Hackers from the hermit kingdom don’t usually accept such bounties.

Tapioca’s counter exploit isn’t the first time a protocol has forcibly taken back stolen funds from a hacker.

In 2023, developers behind Oasis, the then-main gateway for top DeFi lending protocol Maker, reclaimed $140 million of stolen crypto from the Wormhole bridge hack.

Kraken’s layer 2

US crypto exchange Kraken is looking to replicate Coinbase’s success with the Base blockchain by building its own Ethereum layer 2.

That blockchain, called Ink, will use fellow layer 2 Optimism’s infrastructure to offer faster and cheaper transactions than the Ethereum mainnet.

Most people who own and trade crypto rarely interact directly with blockchain-based applications. Instead, they let centralised exchanges store and swap crypto on their behalf.

That could be changing.

Coinbase’s Base is growing fast. It recently surpassed Arbitrum to become the top layer 2 with $2.5 billion of deposits, and makes millions in profit for the exchange every quarter.

But at the same time, the Ethereum layer 2 space is becoming increasingly crowded.

There are now over 100 Ethereum layer 2s competing for users. Many in the Ethereum community also question if layer 2s negatively impact the main Ethereum network.

Maker rethinks rebrand

Sky founder Rune Christensen said he made a “typical DeFi mistake” when he pushed a rebrand that saw the stablecoin issuer and lending protocol ditch the Maker name in August.

The overhaul was supposed to take DeFi mainstream by introducing a cohesive, user-friendly brand and new versions of its tokens.

But in a sudden about-face, Christensen proposed last week to ditch the Sky brand and return to Maker. He also hopped on a live forum on X to celebrate what the effort accomplished and to contemplate where it went wrong.

Since the update, USDS, a new version of the DAI stablecoin, has soared to a market value of over $1.1 billion.

Christensen said the quick growth of USDS was down to its appeal among a different demographic of users who weren’t previously using DAI.

But at the same time, the protocol’s governance token has taken a massive hit, its value falling almost 50% to $1,200.

This week in DeFi governance

VOTE: Uniswap DAO votes on growth programme trial

VOTE: Compound DAO weighs Immunefi for bug bounty programme

VOTE: BNB Chain mulls way to make the blockchain more decentralised

Post of the week

Top stablecoin issuer Tether, in collaboration with the Swiss City of Lugano, unveiled a new statue of the pseudonymous Bitcoin creator Satoshi Nakamoto.

Got a tip about DeFi? Reach out at tim@dlnews.com.

Related Topics