Summary
This document is an appendix to the main Post Mortem analysis of the security incident that affected TAC Bridge. It addresses the detailed tracing of the incident that happened on May 11th, 2026. Refer to the main document for the overall context.
Timeline and Sequence of events
11.05.2026
The attack on the TON/TAC sides was executed by a single TON address, with the proceeds consolidated to a single Ethereum receiver. The on-chain sequence was:
- Deployment of a fake jetton wallet on TON: EQA8rR5ofiIdpOO7l1JNSE0dthUp1AOxw0T5tO7ONIOkv9e9, a contract that looked like a USD₮ jetton wallet from the bridge's perspective and that belongs to the responsible party's wallet EQBPHhXyG_vbsAEnB6YccNhhaVc6I3ixOCc7vriaOzo4AFA8.
- Bridge message sent to the TAC Proxy contract: transaction bcc1f5c1…49154.
- Sequencer set acceptance and mint on TAC: the quorum of the sequencer set accepted the fake USD₮ as valid because the software did not verify the minter code of the sender jetton wallet. This is the real bug identified. The equivalent tokens were minted on TAC to the responsible party's TAC address 0xB8D5E0a0100361fb0c67085Fc122F64de2D796BD (14 mint transactions across BLUM, USD₮, tsTON).
- Drain of the TON bridge: the responsible party bridged the minted tokens back from TAC to TON, releasing the bridge's locked assets on TON.
- Cross-chain exfiltration: USD₮ was bridged from TON to Ethereum mainnet via LayerZero (USDT0) in 13 transactions, and BLUM was bridged from TAC to BSC in 2 transactions.
- Mixing on Ethereum: the proceeds were split into DAI (held on a second ETH address), ETH (forwarded through NEAR Deposit, later withdrawn via Zcash), and WBTC (routed through THORChain to a Bitcoin address).
- Mixing on BSC: BLUM is being actively swapped into BNB and deposited into the HOT protocol; approximately 14M BLUM (52K$) remains unswapped at the time of writing.
14.05.2026
The investigation resulted in a one-way recovery proposal, which was publicly announced. Three multisig wallets under the TAC team's full control were set up and communicated as part of the recovery process. Following additional on-chain consolidations, partial refund transactions were executed:
- The responsible party used THORChain to swap the Bitcoin back to wBTC on Ethereum and moved the remaining BLUM on BSC to a different address.
- The responsible party started sending funds to the 4 multisigs, keeping 10% of the funds for himself as agreed: 300 ZEC (partially transparent, partially shielded), 13 ETH in the Tornado protocol, and 1007 SOL coming from a Near Intents bridge operation funded with 108 BNB resulting from the BLUM exfiltration on BSC.
- The responsible party also handed over the private key for the wallet 0xB8D5E0a0100361fb0c67085Fc122F64de2D796BD because it had been flagged by the Near Intents team, which froze 77.2 BNB.
Technical Details
Refer to the main Post Mortem analysis for details
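The missing check named in the timeline (the sender jetton wallet's minter code was not verified) can be modelled as follows. This is an added example, not TAC's or the sequencer's code: it contrasts accepting a deposit by message shape with accepting it only when the sender address is the one derived from an allow-listed minter and wallet code. The SHA-256 derivation is a stand-in for TON's StateInit hash, and every name and value is constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

# All values below are constructed for illustration; none come from the incident.
BRIDGE_PROXY = "bridge:proxy"
WALLET_CODE = hashlib.sha256(b"canonical-wallet-code").hexdigest()
TRUSTED = {"USDT": ("minter:usdt-canonical", WALLET_CODE)}  # symbol -> (minter, code hash)


def derive_wallet(code_hash: str, minter: str, owner: str) -> str:
    """Stand-in for TON's wallet address = hash(StateInit(code, data(owner, minter)))."""
    return hashlib.sha256(f"{code_hash}|{minter}|{owner}".encode()).hexdigest()


@dataclass(frozen=True)
class Deposit:
    sender_wallet: str   # contract that sent the transfer notification to the bridge
    claimed_symbol: str  # token the notification claims to carry
    amount: int


def accept_by_shape(d: Deposit) -> bool:
    """Weak: trusts any sender whose message is well formed for a listed token."""
    return d.claimed_symbol in TRUSTED and d.amount > 0


def accept_by_provenance(d: Deposit) -> bool:
    """Hardened: sender must be the bridge's own wallet under the trusted minter."""
    entry = TRUSTED.get(d.claimed_symbol)
    if entry is None or d.amount <= 0:
        return False
    minter, code_hash = entry
    expected = derive_wallet(code_hash, minter, BRIDGE_PROXY)
    return hmac.compare_digest(expected, d.sender_wallet)


def sample_deposits() -> dict:
    minter, code = TRUSTED["USDT"]
    other_code = hashlib.sha256(b"lookalike-wallet-code").hexdigest()
    return {
        "genuine": Deposit(derive_wallet(code, minter, BRIDGE_PROXY), "USDT", 1_000),
        "foreign_minter": Deposit(derive_wallet(code, "minter:lookalike", BRIDGE_PROXY), "USDT", 1_000),
        "foreign_code": Deposit(derive_wallet(other_code, minter, BRIDGE_PROXY), "USDT", 1_000),
    }


if __name__ == "__main__":
    for name, dep in sample_deposits().items():
        print(f"{name:15} shape={accept_by_shape(dep)} provenance={accept_by_provenance(dep)}")
```

Only the genuine deposit passes the provenance check, while all three pass the shape check.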
Impact
All numbers below are taken directly from on-chain data. The responsible party's TAC address is 0xB8D5E0a0100361fb0c67085Fc122F64de2D796BD.
Headline loss
Tokens minted on TAC to the responsible party (via bridging)
Tokens bridged back from TAC to TON (drain target)
Other outgoing transfers from the responsible party's TAC address
Note: the 5,000 USD₮ routed through Curve was swapped for ~240,000 TAC, probably to pay for transaction fees, which still sits on the responsible party's TAC address (0xB8D5E0a0100361fb0c67085Fc122F64de2D796BD) and has not been moved.
Responsible party’s mint transactions on TAC
Responsible party’s transactions on TON
* - In this transaction, the responsible party attempted to transfer 17,474.232759343 tsTON from the TAC’s jetton proxy wallet to their address. The flow reached the jetton_transfer call, but the transaction failed during the compute phase: success=false, aborted=true, exit_code=706. In the jetton wallet code, exit code 706 maps to INSUFFICIENT_JETTON_BALANCE: after subtracting the requested amount, the wallet balance would have become negative, so execution was stopped. In short, the exploit path reached the withdrawal attempt, but the jetton proxy wallet did not hold enough tsTON. As a result, this attempted transfer failed, and no tsTON was moved (except for 8277 tsTON, which was moved by the following transaction, as the amount was available on the jetton proxy).
** - The same thing happened in this transaction.
Post incident: On-Chain Fund Tracing
The responsible party consolidated proceeds onto a single Ethereum receiver and then split them across DAI (Uniswap), ETH (forwarded via NEAR Deposit), and WBTC (routed through THORChain to Bitcoin). BLUM was bridged separately from TAC to BSC using the LayerZero OFT endpoint and is being progressively swapped to BNB and deposited into the HOT protocol.
Responsible party’s bridge operations: TON → Ethereum (LayerZero / USDT0)
Thirteen LayerZero transactions were used to move USD₮ from TON to Ethereum mainnet. Each row can be independently confirmed on LayerZero Scan.
Subtotal: $2,454,631.42
Responsible party’s bridge operations: TAC → BSC (BLUM)
Subtotal: 59,414,348.594827759 BLUM (≈$213,897.00)
Total extracted assets observed in-flight across USD₮ + BLUM leaving TON blockchain: $2,668,528.42.
Ethereum mainnet
Initial receiver of all bridged tokens on Ethereum: 0xDFf18B83BB3F6b78918C045D84E075ED54b45fC4.
DAI: $1,040,163 worth of DAI (swapped via Uniswap) is held on a second address belonging to the responsible party, 0x46FB375EAc7a44C231b2b7aB762040ee74908CDc.
USD₮ → ETH swaps (subsequently forwarded to NEAR Deposit):
Subtotal swapped to ETH: $958,612.27.
ETH forwarded to NEAR Deposit → Zcash:
All the ETH routed via NEAR was subsequently withdrawn via Zcash, landing on this address: t1h6NcBAciYGdaVb4Ej1AELTx1D9UF9WUDr
WBTC → THORChain → Bitcoin
The remaining Ethereum proceeds were swapped to WBTC and routed through THORChain to a Bitcoin address.
WBTC swaps:
THORChain router transactions:
Final Bitcoin destination: bc1qjhqztgk0k2l35r6tfv9fw7y3q4r6yh3x6c9l8j, confirmed via THORChain scan: tx 67754C26…A988EDA2, tx ED69C35E…517D62C5, tx E9B4F539…61CE4C38. THORChain account view.
Binance Smart Chain (BLUM)
On BSC, the initial receiver of BLUM is 0xB8D5E0a0100361fb0c67085Fc122F64de2D796BD — the same EVM key as the responsible party's TAC address. The responsible party is actively swapping BLUM and has not finished; the proceeds (BNB) are aggregated into 0x4A123c832D7D1A2bC9c5279c6f122b5d52215b9b and then deposited into the HOT protocol.
HOT protocol deposits observed so far:
Approximately 14M BLUM tokens (52K$) remain on the BSC receiver, not yet swapped as of 12th May 2026.
Money flow overview
- Exploit on TON + TAC, executed from a single TON address.
- All ETH-side assets are bridged to a single Ethereum receiver.
- Split into three streams on Ethereum: DAI (held on a second ETH address), WBTC (routed to Bitcoin via THORChain), ETH (routed via NEAR Deposit, later exiting through Zcash).
- BLUM stream bridged TAC → BSC; being progressively swapped to BNB and deposited into the HOT protocol.
Funds Recovery phase
As of May 14th, around 00:00 UTC, the TAC team posted on X the list of multisigs under full control to be used for the refund:
The hacker performed some consolidation transactions before initiating a refund toward the multisig under the team’s control:
Bitcoin → THORChain → wBTC
Bitcoin was swapped back to wBTC on Ethereum.
THORChain router transactions:
BLUM on BSC
BLUM tokens held on BSC and waiting to be swapped were moved to a different address before being sent to the multisig under TAC control:
After this consolidation, the responsible party then proceeded to transfer the refund to the multisigs communicated by the TAC team:
Previously, the Near Intents team had frozen 77.2 BNB across 3 different transactions of the responsible party while he was executing exfiltration from BNB on BSC toward SOL on Solana:
To allow the TAC team to recover these funds, the responsible party decided to hand over the private key of the address that originated these transactions: https://bscscan.com/txs?a=0xB8D5E0a0100361fb0c67085Fc122F64de2D796BD
The TAC team later used this private key to recover the remaining dust owned by this address on BSC and the TAC chain and moved everything (leaving just some gas tokens) to multisigs under the full control of the TAC team:
After all these transactions, the full set of recovered assets under the control of the TAC team is the following:
Summary of total recovered funds: 2,290,687.90 USD
As part of the negotiated recovery process, a portion of the affected assets was not recovered and remained outside TAC-controlled addresses following the incident response process:
- 300 ZEC, partially shielded, on t1h6NcBAciYGdaVb4Ej1AELTx1D9UF9WUDr
- 13 ETH on Ethereum, moved into Tornado Cash pool
- 1007 SOL were bridged to 5iUJeMixRp2AP88DJ8Ud4Z4qkrYFUQSLgpVaj64ALgPw and subsequently deposited into the privacy protocol Umbra. A portion of the funds was later observed moving to additional addresses, including HAxKVDEgmnNGaaRHBU4J579RXCuoEGP9iqUKuD2snBwv and 4vBBFZwJHmLZqZRZX1nM2UwPqE9qVaPqiKpWesaNCjca.
During the incident response process, this was accounted for at 287,915.79 USD (which is 10.07% of the total hack). The difference between the recovered assets and 90% of the total hack was attributed to crypto volatility, slippage, and bridging fees in the complex exfiltration process over 5 different chains and multiple assets.
Appendix I: Key Addresses
Adding for reference from the main Post Mortem document:
