Verify a decision

{"actor":"system:backfill","investigation_id":"dd1085e9-036b-43c6-a646-59908eb5bd44","kind":"publish","page_slug":"tesseradao","published_at":"2026-06-03T12:14:20.962Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"TesseraDAO","sections":[{"content":"On June 1, 2026 at approximately 11:38:25 AM UTC, an attacker exploited privileged minting access on the TesseraDAO smart contract deployed on BNB Chain, creating 99 million TSR tokens from the zero address and routing them to wallet 0x6f2b45B950d1739EF67C76F4106df6d6E84904cB. The tokens were immediately dumped on decentralized exchanges, primarily the PancakeSwap TSR/BUSD pair. The resulting sell pressure caused the TSR token to lose approximately 99% of its market value within hours, collapsing from a market capitalization of roughly $4 million to approximately $213,720. The attacker's address associated with the incident is 0x2201037A1755eC48eC5f00Fea21A10A9E56f2Dd8. The mint transaction hash is 0x25093e573c116562c8839dc67a15ac21761271006a8dfe50b18fa475564bfcd1.","heading":"Exploit Overview","severity":"critical","sources":[{"credibility":2,"name":"TesseraDAO TSR Token Crashes 99% Following 99M Token Mint Exploit — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/02/tesseradao-tsr-plunges-99-after-attacker-mints-99m-tokens/"},{"credibility":2,"name":"Hacker Drains $2.4 Million From TesseraDAO Through Unauthorized TSR Minting — UseTheBitcoin","type":"news_article","url":"https://usethebitcoin.com/news/tesseradao-hack-tsr-mint-exploit/"},{"credibility":2,"name":"TesseraDAO Hack Drains $2.5 Million as TSR Token Crashes Nearly 99% on BNB Chain — BitRss","type":"news_article","url":"https://bitrss.com/tesseradao-hack-drains-2-5-million-as-tsr-token-crashes-nearly-99-on-bnb-chain-216851"}]},{"content":"Security researchers and on-chain analysts assessed that the exploit stemmed from minting privileges remaining under the control of a single externally owned account (EOA) linked to the project's original deployer. This is a recognized failure mode in BNB Chain projects that launch via templated token deployers: admin or minting authority is never transferred to a multi-signature wallet or time-locked governance contract, leaving the protocol vulnerable to key compromise or insider misuse. The attacker's ability to mint directly from the zero address is consistent with retained deployer-level access rather than a logic bug in the contract code itself. Some community observers characterized the incident as a rug pull or insider attack rather than a conventional external exploit, citing that minting and critical contract functions were controlled exclusively by deployer-related addresses. The precise method by which the admin key was obtained — whether through external theft, phishing, or internal action — has not been publicly confirmed.","heading":"Root Cause: Unprotected Mint Authority","severity":"critical","sources":[{"credibility":2,"name":"TesseraDAO Suffers $2.5 Million Exploit Following Ownership Takeover Attack — Crypto Economy","type":"news_article","url":"https://crypto-economy.com/tesseradao-suffers-2-5-million-exploit-following-ownership-takeover-attack/"},{"credibility":2,"name":"TesseraDAO Hack Drains $2.5 Million as TSR Token Crashes Nearly 99% on BNB Chain — BitRss","type":"news_article","url":"https://bitrss.com/tesseradao-hack-drains-2-5-million-as-tsr-token-crashes-nearly-99-on-bnb-chain-216851"},{"credibility":2,"name":"TesseraDAO TSR Token Crashes 99% Following 99M Token Mint Exploit — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/02/tesseradao-tsr-plunges-99-after-attacker-mints-99m-tokens/"}]},{"content":"Following the token dump, the attacker swapped the minted TSR for approximately 2.5 million USDT. The funds were then bridged from BNB Chain to the Ethereum network, where 1,285.5 ETH was deposited into Tornado Cash, the OFAC-sanctioned privacy mixer. Tornado Cash was sanctioned by the U.S. Treasury's Office of Foreign Assets Control in August 2022 and has been associated with the laundering of over $7 billion in illicit virtual currency according to U.S. government statements. As of the date of this report, the funds have not been recovered and no on-chain attempt at return or negotiation has been identified.","heading":"Fund Movement and Tornado Cash Laundering","severity":"critical","sources":[{"credibility":2,"name":"TesseraDAO Hack Drains $2.5 Million as TSR Token Crashes Nearly 99% on BNB Chain — BitRss","type":"news_article","url":"https://bitrss.com/tesseradao-hack-drains-2-5-million-as-tsr-token-crashes-nearly-99-on-bnb-chain-216851"},{"credibility":2,"name":"TesseraDao was attacked, hackers minted 99 million TSR and cashed out 2.5 million dollars — ChainCatcher","type":"news_article","url":"https://www.chaincatcher.com/en/article/2268696"},{"credibility":2,"name":"Exploit hits Gnosis Pay, TesseraDAO loses $2.5M as June hacks start to climb — Bitget News","type":"news_article","url":"https://www.bitget.com/amp/news/detail/12560605440181"}]},{"content":"On-chain analyst Specter (@SpecterAnalyst) was the first to flag the exploit on social media, identifying the attacker's address and the minting transaction. Blockchain security firm PeckShield subsequently issued an alert confirming that approximately 99 million TSR had been minted and sold on BNB Chain. PeckShield noted that the exploit had occurred roughly 19 hours before their public alert. No official audit report from a named third-party security firm has been identified for the TesseraDAO protocol, and no pre-launch audit appears to have been publicly disclosed by the project.","heading":"Detection and Security Alerts","severity":"high","sources":[{"credibility":2,"name":"PeckShield Says TesseraDAO Exploit Minted 99 Million TSR, Stole 2.5 Million USDT — BloomingBit","type":"news_article","url":"https://en.bloomingbit.io/feed/news/113373"},{"credibility":2,"name":"TesseraDAO TSR Token Crashes 99% Following 99M Token Mint Exploit — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/02/tesseradao-tsr-plunges-99-after-attacker-mints-99m-tokens/"}]},{"content":"As of June 3, 2026, TesseraDAO has issued no public statement regarding the exploit. The project's website and social media channels are reported to have gone silent following the incident. No founders, developers, or team members have been publicly identified by name in any reporting or project documentation discovered during this investigation. The team's anonymity, combined with the absence of any post-incident communication or compensation plan, has heightened community suspicion that the incident may represent an insider exit rather than an external attack. The absence of a named team is itself a material risk factor for holders and prospective users.","heading":"Team Anonymity and Lack of Response","severity":"critical","sources":[{"credibility":2,"name":"TesseraDAO Hack Drains $2.5 Million as TSR Token Crashes Nearly 99% on BNB Chain — BitRss","type":"news_article","url":"https://bitrss.com/tesseradao-hack-drains-2-5-million-as-tsr-token-crashes-nearly-99-on-bnb-chain-216851"},{"credibility":2,"name":"TesseraDAO TSR Token Crashes 99% Following 99M Token Mint Exploit — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/02/tesseradao-tsr-plunges-99-after-attacker-mints-99m-tokens/"}]},{"content":"The TesseraDAO incident is consistent with a broader pattern of exploits targeting BNB Chain projects that retain unprotected deployer-level administrative keys. Projects launched via templated token deployer contracts often inherit default mint authorities that are never renounced or transferred to multi-signature governance. This structural vulnerability has been exploited in multiple prior incidents across BNB Chain. The absence of a code audit, multi-sig ownership, and any on-chain governance mechanism left TesseraDAO fully exposed to a single point of failure at the admin key level.","heading":"BNB Chain Systemic Risk Context","severity":"high","sources":[{"credibility":2,"name":"TesseraDAO Suffers $2.5 Million Exploit Following Ownership Takeover Attack — Crypto Economy","type":"news_article","url":"https://crypto-economy.com/tesseradao-suffers-2-5-million-exploit-following-ownership-takeover-attack/"},{"credibility":2,"name":"Hacker Drains $2.4 Million From TesseraDAO Through Unauthorized TSR Minting — UseTheBitcoin","type":"news_article","url":"https://usethebitcoin.com/news/tesseradao-hack-tsr-mint-exploit/"}]}],"sources_used":[{"credibility":2,"name":"TesseraDAO TSR Token Crashes 99% Following 99M Token Mint Exploit — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/02/tesseradao-tsr-plunges-99-after-attacker-mints-99m-tokens/"},{"credibility":2,"name":"Hacker Drains $2.4 Million From TesseraDAO Through Unauthorized TSR Minting — UseTheBitcoin","type":"news_article","url":"https://usethebitcoin.com/news/tesseradao-hack-tsr-mint-exploit/"},{"credibility":2,"name":"TesseraDAO Hack Drains $2.5 Million as TSR Token Crashes Nearly 99% on BNB Chain — BitRss","type":"news_article","url":"https://bitrss.com/tesseradao-hack-drains-2-5-million-as-tsr-token-crashes-nearly-99-on-bnb-chain-216851"},{"credibility":2,"name":"TesseraDAO Suffers $2.5 Million Exploit Following Ownership Takeover Attack — Crypto Economy","type":"news_article","url":"https://crypto-economy.com/tesseradao-suffers-2-5-million-exploit-following-ownership-takeover-attack/"},{"credibility":2,"name":"TesseraDao was attacked, hackers minted 99 million TSR and cashed out 2.5 million dollars — ChainCatcher","type":"news_article","url":"https://www.chaincatcher.com/en/article/2268696"},{"credibility":2,"name":"PeckShield Says TesseraDAO Exploit Minted 99 Million TSR, Stole 2.5 Million USDT — BloomingBit","type":"news_article","url":"https://en.bloomingbit.io/feed/news/113373"},{"credibility":2,"name":"Exploit hits Gnosis Pay, TesseraDAO loses $2.5M as June hacks start to climb — Bitget News","type":"news_article","url":"https://www.bitget.com/amp/news/detail/12560605440181"},{"credibility":2,"name":"TesseraDao Attacked: Hacker Mints 99 Million TSR Tokens — TechFlow","type":"news_article","url":"https://www.techflowpost.com/en-US/newsletter/124264"}],"summary":"TesseraDAO is a BNB Chain project whose native token TSR was exploited on June 1, 2026, when an attacker used a stolen or insider-held admin private key to mint 99 million TSR tokens and immediately sell them, draining approximately $2.4–2.5 million from liquidity pools and collapsing the token price by 99%. Stolen proceeds were bridged to Ethereum and laundered through Tornado Cash. The project's team has issued no public statement and no recovery plan has been announced.","timeline":[{"date":"2026-06-01","event":"Attacker uses stolen or insider admin key to mint 99 million TSR tokens from zero address on BNB Chain at 11:38:25 AM UTC (tx: 0x25093e573c116562c8839dc67a15ac21761271006a8dfe50b18fa475564bfcd1). Tokens are immediately dumped on DEXes, collapsing TSR price by approximately 99%.","source":"CryptoTimes / UseTheBitcoin","source_url":"https://www.cryptotimes.io/2026/06/02/tesseradao-tsr-plunges-99-after-attacker-mints-99m-tokens/"},{"date":"2026-06-01","event":"Attacker swaps minted TSR for approximately 2.5 million USDT, bridges funds from BNB Chain to Ethereum, and deposits 1,285.5 ETH into Tornado Cash.","source":"BitRss / ChainCatcher","source_url":"https://bitrss.com/tesseradao-hack-drains-2-5-million-as-tsr-token-crashes-nearly-99-on-bnb-chain-216851"},{"date":"2026-06-02","event":"On-chain analyst Specter (@SpecterAnalyst) flags the exploit on social media, identifying the attacker's address. PeckShield issues a security alert confirming 99 million TSR minted and sold, noting the exploit occurred approximately 19 hours earlier.","source":"BloomingBit / CryptoTimes","source_url":"https://en.bloomingbit.io/feed/news/113373"},{"date":"2026-06-02","event":"Multiple crypto news outlets publish reporting on the exploit. TesseraDAO website and social channels remain silent. No official statement or recovery plan is issued.","source":"CryptoTimes / Crypto Economy / UseTheBitcoin","source_url":"https://crypto-economy.com/tesseradao-suffers-2-5-million-exploit-following-ownership-takeover-attack/"},{"date":"2026-06-03","event":"As of this date, TesseraDAO has issued no public statement. No compensation plan or fund recovery has been announced. Community debate continues over whether the incident was an external hack or insider exit.","source":"BitRss","source_url":"https://bitrss.com/tesseradao-hack-drains-2-5-million-as-tsr-token-crashes-nearly-99-on-bnb-chain-216851"}]},"v":1}