Key Takeaways:
The TAC protocol’s cross-chain layer on the TON network was exploited for approximately $2.8 million, the latest in a series of high-value attacks on blockchain bridges this year. The attacker drained USDT, BLUM, and tsTON tokens before the protocol’s developers paused the bridge.
In response to the breach, the TAC team publicly offered the attacker a 10 percent white hat bounty for the return of the remaining 90 percent of the funds. “We have paused the bridge and are working on a solution,” the team said in a statement.
The exploit follows a string of costly security failures in the DeFi sector, intensifying scrutiny on the vulnerabilities of cross-chain infrastructure. Just this week, cross-chain swap aggregator Transit Finance lost $1.8 million in DAI stablecoins in an exploit flagged by security firm PeckShield. These incidents come on the heels of the far larger $292 million KelpDAO exploit in April, which was tied to bridge technology from LayerZero. The fallout from that attack prompted the Solv Protocol to migrate over $700 million in tokenized Bitcoin infrastructure from LayerZero to Chainlink’s Cross-Chain Interoperability Protocol (CCIP), citing the need for “battle-hardened and time-tested” infrastructure.
These repeated breaches highlight the systemic risks associated with cross-chain bridges, which have become a primary target for attackers due to their complexity and the large amounts of assets they secure. The DeFi space has seen a marked trend of protocols reassessing their security dependencies, with many, like Solv and KelpDAO, choosing to standardize on platforms like Chainlink CCIP that offer more robust, multi-verifier security models. The continued exploits, with losses in 2026 already projected to exceed $2.3 billion, underscore the critical need for institutional-grade security as the industry matures.
This article is for informational purposes only and does not constitute investment advice.
