Hackers Drain Over $3M from TAC Protocol Cross-Chain Bridge Between TON and ETH

On May 12, 2026, the TAC Protocol team officially confirmed a security incident on their cross-chain bridge with TON. The bridge, which acts as a “layer” between the TON ecosystem (and Telegram’s billion-user audience) and Ethereum (EVM applications), was exploited. According to community reports and on-chain analysts, attackers stole assets worth more than $3 million.

What Happened?

The main withdrawal transactions took place as early as the morning of May 11. One of the largest was a massive USDT transfer via LayerZero, for example, the Etherscan transaction where nearly 500,000 USDT was moved. The hacker bridged the USDT to Ethereum, swapped it for ETH, and then converted it into DAI (a freeze-proof stablecoin).

Among the stolen assets:

• USDT
• Approximately 58 million BLUM tokens (the native token of the hybrid Telegram mini-app exchange Blum)
• Other tokens (including a significant amount of BNB-like assets)

The total loss from BLUM and related tokens alone exceeds $500,000. TAC officially states that the incident affected only native TON Jettons that were bridged from TON (excluding $TON itself). Native $TON and all Ethereum-native assets remain untouched.

Official Statement from TAC

The @TacBuild account published the following update:

“We are currently investigating a security incident affecting the TAC bridge with TON. The bridge was immediately paused after receiving reports from our security partners. The issue appears to be isolated to native TON Jettons bridged from TON (excluding $TON). $TON and all other Ethereum-native assets are unaffected. Cross-chain transactions from TON remain paused during the investigation. Protecting our users is our top priority. If anyone was impacted, we will do everything possible to compensate for the losses. We will provide regular updates through our official channels.”

The bridge has now been fully paused, and all cross-chain operations involving TON are on hold.

Context and Risks

TAC Protocol is an EVM-compatible L1 designed specifically as a seamless bridge between Ethereum DeFi and the TON/Telegram ecosystem. It allows users to run Ethereum dApps (Uniswap, Aave, etc.) directly inside Telegram wallets without extra bridges or wrapped tokens. The project has raised $11.5 million in funding and positions itself as the key “on-ramp” for DeFi into TON.

The incident comes amid a recent surge in attacks targeting Telegram bots and mini-apps. Over the past few days, TON wallet users have reported private-key compromises via fake bots. Analysts link this wave of scams directly to heightened activity in the TON ecosystem.

A full report on the exact amount stolen and the attack vector (smart-contract vulnerability, oracle compromise, or admin-key breach) has not yet been released. TAC continues its investigation in coordination with security partners.

What users should do:

1. Do not initiate any new cross-chain transactions via TAC until an official all-clear is issued.
2. Check your bridged Jettons immediately.
3. Exercise extreme caution with Telegram bots and mini-apps for crypto.

This is already the latest major bridge incident of 2026, underscoring that cross-chain security remains one of the biggest risks in the market.