TesseraDAO Security Incident Investigation Report
Date: June 2, 2026
Loss Amount: ~$2.5M USDT
Status: Project Team Unresponsive
Executive Summary
On June 1, 2026, TesseraDAO was attacked on BNB Chain. The attacker minted approximately 99 million TSR tokens and quickly dumped them, causing the token price to crash 99%, dropping from normal price to approximately $0.0002. The project team has not released any official statement to date.
Attack Vector Analysis
Attack Path
- Minting Phase: Attacker minted 99,000,000 TSR tokens through the project's smart contract
- Exchange Phase: Swapped TSR for approximately 2.5 million USDT on decentralized exchanges
- Cross-Chain Phase: Bridged stolen funds from BNB Chain to Ethereum
- Money Laundering Phase: Obfuscated 1,285.5 ETH transactions through Tornado Cash
Technical Details
| Metric | Data |
|---|---|
| Attacker Address |
0x2201037A1755eC48eC5f00Fea21A10A9E56f2Dd8 (BSC) |
| Minted Token Amount | 99,000,000 TSR |
| Illicit Gains | ~2,500,000 USDT |
| Tornado Cash Laundering | 1,285.5 ETH |
Key Suspicion: Likely Rug Pull
On-chain analysts strongly suspect this was not an external hack but insider involvement or privilege abuse:
- Minting privileges and MultiTransfer functionality are exclusively controlled by deployer-related addresses
- Attacker address has connections to the project deployer
- Project team remains silentβa typical Rug Pull characteristic
- Not discovered and publicly disclosed by security firms until 19 hours later
2026 BNB Chain Attack Pattern Comparison
| Project | Date | Loss | Pattern |
|---|---|---|---|
| DxSale | Early June | $7.3M | Legacy architecture + ownership transfer |
| TesseraDAO | June 2 | $2.5M | Mint+dump+suspected insider |
| Specter | May | ~$2M | Token contract vulnerability |
Data Sources
- PeckShieldAlert: https://x.com/PeckShieldAlert/status/2061713210210988434
- CryptoCompass: https://cryptocompass.com/articles/tesseradao-hack-drains-2-5-million-as-tsr-token-crashes-nearly-99-on-bnb-chain
- BSCScan: https://bscscan.com/address/0x2201037A1755eC48eC5f00Fea21A10A9E56f2Dd8
Risk Warnings
- Beware of "Centralized Mint Authority": If projects retain single-point minting capability, user funds are never safe
- Pay Attention to Project Silence: Projects that don't respond after an attack are oftenεΏθ (guilty) Rug Pulls
- DeFi Security Requires Systematic Auditing: Pre-launch audits alone are insufficient for long-term security
π Protect Your Crypto with ChainSentinel
ChainSentinel β AI-powered on-chain risk intelligence platform:
- Real-time Risk Scanning β Check any address for rug pulls, phishing, and exploit risks
- Multi-Chain Monitoring β Ethereum, BSC, and more
- AI-Powered Analysis β Gemini-driven risk engine
π Try ChainSentinel Free | Pro Plan - $29/month
Stay safe on-chain. Get alerts before the next exploit.
Top comments (0)