In an industry that has already defaulted to viewing cross-chain infrastructure as a high-risk area for incidents, the L1 blockchain project TAC has also not escaped this round of impact—its cross-chain layer responsible for asset transfers between different networks recently reported a security incident. According to official confirmation, approximately $2.8 million worth of assets were transferred without authorization, affecting various tokens including USDT, BLUM, tsTON, and more, with the related funds being dispersed to multiple ETH, BSC, ZEC, and TON addresses. After the incident was exposed, TAC chose to "call out" the attacker both on-chain and in the public discourse: as long as the transferred assets are returned in full to the project's designated multi-signature address, the team would regard it as a "white hat operation," not only promising a 10% bounty of the returned amount but also stating that under the premise of full recovery of the funds, no legal action would be taken against the actual operators of the aforementioned addresses. In the context of frequent failures of cross-chain bridges and the ongoing amplification of project credibility vulnerabilities, whether TAC’s offering of a 10% white hat bounty can find an acceptable balance in the market between compensating for losses and rebuilding trust is becoming a sharper inquiry beyond this incident.

Cross-chain Layer Breached: The Moment $2.8 Million Worth of Assets Were Taken

For TAC, what truly broke through the defense line was not a specific single-point application but the cross-chain layer that was supposed to serve as a "hub." As an L1 blockchain project, TAC centralized the transfer, mapping, and custody of assets between different networks on this cross-chain infrastructure; all cross-chain assets wanting to move in and out of TAC from networks like ETH, BSC, or TON must first pass through here. The official later confirmed that this gateway recently encountered a security incident, with approximately $2.8 million worth of assets being transferred without authorization, with affected token varieties clearly including USDT, BLUM, and tsTON.

What is more unsettling is that key details remain shrouded in ambiguity. TAC mentioned in its statement that the ETH/BSC, ZEC, and TON addresses related to this incident have been identified by the project but did not disclose the specific addresses to the public. Additionally, there is evident conflict in the timing of when the attack actually occurred according to the existing public materials. For a cross-chain layer, this not only serves as the custody hub for assets during cross-chain transactions but is also a concentrated point of risk; once this defense line is breached, even if only a portion of assets are taken, the entire cross-chain infrastructure’s security image in users' minds will be forced to be reassessed.

From Hacker to White Hat? The 10% Incentive Proposed by TAC

In the official statement, TAC clearly outlined the threshold for becoming a "white hat": the related assets must be fully returned to the designated multi-signature address along the original route; only after the return is completed will this action be recognized as "white hat rescue," rather than mere theft and return. In exchange, TAC promises to pay a white hat bounty equivalent to 10% of the transferred asset amount to the returnee, and furthermore, will not take legal action against the operators of the related ETH/BSC, ZEC, and TON addresses, provided the funds are fully returned. For the attacker, this means the approximately $2.8 million worth of assets are no longer just "take what you can get," but rather a binary bargaining chip: either disappear with all assets and potential criminal liability or return 90% to receive a 10% legalized gain along with the project’s promise of immunity.

This design is more akin to a post-factum negotiated arrangement than the traditional "preemptive" white hat bounty aimed at security researchers. On one hand, TAC prioritizes the recovery of assets through a clear 10% ratio and no accountability clause, drawing the attacker back to the negotiation table; on the other hand, this also signifies a concession on the part of the project: as long as the money comes back, they are willing to rewrite the opponent's role label as “white hats.” For users and industry observers, this choice of "exchanging bounty for safety" may be interpreted as a pragmatic yet gray-area transaction—it may help to recover losses to the greatest extent but is unlikely to completely eradicate concerns about the security boundaries and accountability boundaries of the cross-chain layer.

Cross-chain Bridges Frequently Fail: Old Problems Replayed with TAC

If the white hat bounty is a remedial transaction, then zooming out reveals that TAC is merely a repeat of an old problem. Cross-chain bridges and cross-chain layers were originally designed as the "transfer stations" of a multi-chain world, with one end interfacing with source chain asset custody and the other end responsible for mapping and accounting on the target chain; theoretically, they are merely infrastructures that faithfully execute cross-chain rules. However, precisely because they are located on the essential path of asset transfers, any lapse in permission management, contract loopholes, or monitoring gaps can expose the asset security of the entire system to a single point of failure.

In recent years, multiple significant asset loss incidents have been associated with vulnerabilities in cross-chain bridges, and thus cross-chain infrastructure has been repeatedly identified as one of the major sources of risk within the industry. As an L1 responsible for asset transfers between different networks, TAC recently saw unauthorized transfers of about $2.8 million worth of assets, involving tokens such as USDT, BLUM, and tsTON, which notably fits within this risk context: attackers do not need to penetrate all chains; as long as they can breach this "gateway" of the cross-chain layer, they can rewrite the ledger of multi-chain assets. This incident vividly materializes the industry’s long-standing concerns—while the multi-chain narrative continues to advance, cross-chain security remains a systemic weak point, and any project that becomes complacent here will ultimately pay a cost that is not a small number.

Project Response and the Tug-of-War for User Confidence

After the incident was exposed, TAC opted to "lay its cards on the table." In its official statement, not only did it confirm that the cross-chain layer experienced a security incident, but it also proactively provided the scale of approximately $2.8 million in losses and affected asset types, including USDT, BLUM, tsTON, and simultaneously proposed a white hat rescue plan: if the attacker returns the assets in full to the designated multi-signature address as required, they can receive a white hat bounty equivalent to 10% of the transferred amount, and the project also promises not to take legal action against the operators of the relevant ETH/BSC, ZEC, and TON addresses under this premise. This handling path creates an image of "willingness to take responsibility and negotiate," making users familiar with industry practices realize that white hat bounties are not an isolated case, but rather a risk management tool that has been practiced; on the other hand, it also places TAC under a higher moral standard—since you chose to disclose, it means the community will scrutinize every security incident, every upgrade, and every announcement with more rigorous criteria.

For ordinary users, the cross-chain layer is seen as a "black box" for asset transfer across networks; once an incident occurs, the first reaction is often "Are my assets still there?" and the second is "Has the project clarified what happened?" In this incident, TAC responded to the latter with relatively complete information disclosure, yet the anxiety regarding the former still requires time and follow-up actions to mitigate. Especially after multiple media, such as Jinse Financial, Odaily Planet Daily, and Foresight News, concentrated their reports around May 14, 2026, TAC's handling pace was thrust into the spotlight: once the statement was issued, the community would expect ongoing updates on progression, whether the white hat negotiations yielded results, and how follow-up remedial plans would be implemented, while any information vacuum would be interpreted as poor communication. Thus, the project oscillated between "disclosing promptly to stabilize emotions" and "avoiding frequent updates that may cause more panic," while users fluctuated between the conflicting mentalities of "needing transparency" and "fearing bad news," repeatedly weighing whether to continue trusting this previously quietly operational cross-chain channel.

What to Look for Next: White Hat Returns and Security Reconstruction

The most immediate point of observation ahead is whether the attacker will respond to the white hat proposal: according to TAC's statement, as long as approximately $2.8 million worth of transferred assets are fully returned to the designated multi-signature address, a 10% white hat bounty can be earned and, under this premise, the relevant ETH/BSC, ZEC, and TON address operators will not face legal accountability. As of mid-May when various media concentrated their reports, publicly available materials remained at the incident disclosure stage and the white hat proposal itself, with specifics on whether funds were returning, when they would return, and how they would be confirmed and publicized on-chain being variables that need to be continuously monitored. At the same time, the industry will also watch whether TAC proceeds towards a thorough security reconstruction—this includes comprehensive security audits of the cross-chain layer, re-evaluating and delegating permissions, and supplementing risk disclosure mechanisms—because cross-chain bridges and layers have been repeatedly validated as high-risk areas for incidents, the sincerity and strength of such "post-incident reconstructions" will largely determine whether the community can still accept this chain to continue serving as an asset channel. A longer-term insight is that TAC's choice of the white hat rescue path provides a comparable paradigm for cross-chain projects dealing with security incidents: how to balance the incentive rules encouraging attackers to “turn back to the shore” with retaining space for strict accountability, and how to establish a new industry consensus between transparent communication, goodwill incentives, and serious responsibilities, will become key issues that cannot be avoided when observing this incident and the evolution of the entire cross-chain security culture.

Join our community, let’s discuss together and become stronger!
Official Telegram community: https://t.me/aicoincn
AiCoin Chinese Twitter: https://x.com/AiCoinzh
AiCoin On-Chain: https://aicoin.com/hyperliquid
Exclusive AiCoin Hyperliquid benefits: https://app.hyperliquid.xyz/join/AICOIN88
Exclusive AiCoin Aster benefits: https://www.asterdex.com/zh-CN/referral/9C50e2

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。