TAC's $2.8M bridge exploit is now a white hat after the hacker took the 10% bounty
TAC Protocol's TON-Ethereum bridge was drained for $2.8M on May 12, hitting $USDT, $BLUM, and $tsTON. The hacker accepted a 10% bounty and returned the remainder, converting the exploit into a white hat incident.
Bridge Drained, Funds Recovered
@TacBuild's TON-Ethereum bridge was exploited on May 12, with an attacker draining roughly $2.8 million from the protocol. The exploit targeted the TON side of TAC's cross-chain layer, with losses spread across $USDT, $BLUM, and $tsTON. TAC said the vulnerability was isolated to native TON Jettons bridged from the TON network, and that the TAC token itself, TON, and all ERC-20 tokens were unaffected.
TAC's total value locked sat at approximately $2.74 million as of May 14, per DefiLlama, meaning the $2.8 million exploit roughly equaled the protocol's entire TVL.
TAC has since reclassified the incident as a white hat event, after the hacker apparently took the team up on its offer to keep 10% of the moved funds in exchange for returning the rest to its multisig wallets. With the refunds processed, the 10% bounty came to about 13 ETH plus 300 ZEC.
No Litigation, Compensation Plan in Motion
The team said that after the exploiter returned funds to the designated multisig wallet on Ethereum and a corresponding address on TON, it decided not to pursue litigation, a decision coordinated with its security partners and law enforcement. The bridge remains paused while forensic analysis and remediation are ongoing, with a post-mortem to be published soon.
For affected users, the path to compensation is unconventional. The team has opted not to raise fresh capital or tap an insurance fund, and instead plans to sell tokens from its reserves to reimburse those affected. A firm timeline, token amount, or sale format has not yet been published.
Offering hackers a percentage of stolen funds in exchange for returning the majority is standard practice in Web3. The TAC case fits a broader pattern of cross-chain bridge vulnerabilities in 2026. DeFi protocols have lost more than $750 million to hacks and exploits so far this year.
The TAC token has taken a beating since the exploit, with its price dropping more than 21% over the past week and market cap falling to $79 million from over $91 million before the May 12 disclosure.
Sources:
MEXC News: TAC labels $2.8M bridge exploit a white hat incident
SlowMist Hacked: TAC Bridge Incident Log
Memeburn: TAC Protocol Bridge Hack, $2.8M Drained on TON-ETH Link
Latest News
Read More...
(Advertisement)
Author
Ben AntesBen is the Financial Manager at BSCN and one of the four founding team members. Holding a Master of Business Administration (MBA), he combines a strong foundation in finance and business strategy with a deep passion for decentralized finance. A self-proclaimed yield farming "guru," Ben spends his time researching the latest DeFi projects, dissecting tokenomics, and exploring emerging opportunities across the crypto landscape — bridging traditional financial expertise with the fast-moving world of Web3.