TAC Protocol Bridge
Summary
TAC Protocol is an EVM-compatible Layer-1 blockchain built on Cosmos SDK that bridges Ethereum DeFi applications to the TON blockchain and Telegram ecosystem. On May 12, 2026, its cross-chain bridge was exploited for approximately $2.86 million — the protocol's entire TVL at the time — due to missing validation in sequencer software that allowed attackers to forge Jetton wallets. The attacker subsequently accepted a 10% white-hat bounty, returning roughly 90% of stolen funds to TAC's multisig; the bridge remains paused pending an independent security audit as of late May 2026.
Connected Entities
1 entities · 10 linked investigationsTimeline(6 events)
2025-07-15
TAC Protocol launched its public mainnet with DeFi protocols including Curve, Morpho, and Euler deployed.
The Block2026-05-11
TAC Protocol disclosed the existence of a security vulnerability in the TON-TAC bridge sequencer software.
KuCoin News2026-05-12
Attacker exploited missing Jetton wallet validation in the bridge sequencer, draining approximately $2.86 million in USDT, BLUM, and tsTON — TAC's entire TVL. TAC bridge paused.
MEXC News2026-05-14
TAC recovered approximately 90% of stolen funds to its multisig wallet after the attacker accepted a 10% white-hat bounty (reported as ~13 ETH + 300 ZEC). TAC reclassified the incident as white-hat and announced it would not pursue litigation.
KuCoin News2026-05-14
TAC announced a compensation plan based on a legally structured sale of Foundation TAC token treasury reserves to make affected users whole. Specific timeline and sale details were not disclosed.
MEXC NewsDecision Log
- hash: GF2f7nRX3gJNLqe1AFkmUnNPwWPA9S4As3G7ZrWMXPA8
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/28/2026, 3:27:09 AM
last updated: 5/28/2026, 3:28:14 AM
avoid.net — verified advice for a post-truth world