Blockchain project TAC has released a post-mortem report on the $2.85 million TON bridge exploit that occurred on the 11th (local time). According to the report, the hacker bypassed the bridge's code hash verification with a fake contract that mimicked a jetton wallet, and as the bridge processed false input values as normal USDT deposits, unsecured assets were issued on the TAC side, and locked assets on the TON side were leaked. The stolen assets were distributed and laundered across multiple networks via LayerZero, and while security firm Hypernative immediately detected it, recovery failed at the time. TAC stated, "In the response process, we recovered most of the funds through direct negotiation, and we will cover the remaining amount with foundation funds to fully compensate user losses. The patched sequencer will be gradually restarted after external audits and peer reviews."
