TAC recovers most funds from $2.85M hack

Blockchain project TAC has published a post-mortem report on a $2.85 million Ton (TON) bridge exploit that occurred on May 11. According to the report, the attacker bypassed the bridge's code hash verification using a counterfeit contract that mimicked a jetton wallet. This exploit tricked the bridge into processing false inputs as legitimate USDT deposits, leading to the issuance of uncollateralized assets on the TAC side and the draining of locked assets from the TON side. The stolen funds were laundered across multiple networks via LayerZero and were immediately detected by security firm Hypernative, though initial recovery efforts failed. TAC stated that it has recovered most of the funds through direct negotiations and will use foundation funds to cover the remaining balance, ensuring all users are fully compensated. The project added that the patched sequencer will be gradually reactivated following external audits and peer reviews.