The TAC Protocol cross-chain bridge between TON and Ethereum lost roughly $2.8 million in a fresh attack on May 14, 2026. Yet the $TAC token rallied close to 30% on the same day. It now sits up nearly 300% on the month. That kind of price action should make you stop and ask why traders are buying a hack, not selling it. Here’s what we know about the breach, why the chart is going the other way, and what bridge users should actually do.
What Happened to the TAC Protocol Bridge
TAC Protocol is a Layer-1 blockchain — its own independent network. It lets Ethereum apps run inside Telegram by linking The Open Network (TON, the blockchain powering Telegram wallets) with Ethereum’s huge DeFi ecosystem.
When you bridge a token from one chain to another, the bridge holds your asset on the source chain. It then gives you a matching version on the destination chain. That pooled money is what attackers go after.
The attack drained around $2.8 million in user assets from the bridge. The TAC team said the loss was contained to “approximately $2.8 million across USDT, BLUM, and tsTON.” The team also confirmed that the breach did not touch the $TAC token, TON, or any ERC-20 tokens bridged from Ethereum. The foundation has not yet disclosed the exact attack path.
We’ve seen similar opacity in earlier bridge incidents this year. It usually means the team is still patching the hole before sharing details publicly.
How TAC Plans to Compensate Affected Users
The recovery plan is unusual. The team won’t raise fresh capital or tap an insurance fund. Instead, it plans to sell tokens from its reserves and use the proceeds to reimburse affected users. The team hasn’t published a firm timeline, token amount, or sale format yet.
The math here is fragile. If the TAC token price drops while the foundation sells, the recovery pool shrinks with it. That’s why users who had funds in the bridge are watching the market price and the foundation’s official channels closely.
Why the $TAC Pumped Anyway
This is the strange part. Hacks usually crater a token’s price — yet $TAC has rallied roughly 188% in the past seven days and is trading near its all-time high of $0.028, set just before the breach. Three forces explain the disconnect.
- First, the attack was tiny relative to $TAC’s market cap (~$100M) and the broader ecosystem’s $800M+ TVL. For traders, $2.8 million is a rounding error.
- Second, the rally pre-dates the hack. TAC has been climbing since late February, when Telegram’s TON Wallet launched in-app Vaults. The feature lets 150M+ Telegram users earn yield on BTC, ETH, and USDT through infrastructure that Morpho, Re7, and TAC power together. That one integration plugged TAC into a user base most Layer-1s spend years chasing.
- Third, supply is tight. TAC’s circulating supply sits at roughly 56% of max. The team, investors, and reserves still hold 80% of total supply under lock, with vesting starting 12+ months after launch.
- Add a Binance Alpha airdrop event and 82% APR liquidity mining on Carbon DeFi pulling tokens off the market, and the float looks thinner than the market cap suggests. Thin float plus a strong narrative is how you get a 30% pump on the same day as a $2.8M hack.
The bull case is real, but it rests on a few things continuing to work. TAC captures value when Telegram users actually transact. Every swap inside a MiniApp, every yield strategy, every dApp call burns TAC for gas. That’s the loop the price is paying for.
The risk sits on the other side of the ledger. TAC funds its 8–10% staking APY through inflation. Large investor unlocks scheduled post-2026 could flood the market if demand doesn’t keep up. A bridge breach right now doesn’t change the math directly. But it adds to the list of things that could spook future buyers once those unlocks hit.
Why Cross-Chain Bridges Keep Getting Hit
Bridges pool liquidity from many chains into one set of smart contracts. That makes them honey pots. DeFi protocols have lost more than $750 million to hacks and exploits in 2026. Kelp DAO’s LayerZero bridge drained of $292 million in April, and Drift Protocol losing $285 million the same month.
The pattern isn’t just about bridges. It’s about anywhere assets pile up under one set of permissions. A few weeks back, an attacker found a public function nobody had locked down inside a 1inch resolver and walked off with millions.
Different protocol, different bug, same root cause: complex DeFi infrastructure stacks up risk in places most users never look.
The TAC team did try to get security right before launch. A fresh Halborn audited the EVM layer in late May 2025. Trail of Bits and Quantstamp covered the TON Adapter and proxy contracts before that.
Audits help, but they’re not bulletproof. Most of 2026’s biggest breaches hit audited code.
What It Means for TON, ETH, and TAC Holders
For Toncoin holders watching the Toncoin to USD price, direct exposure is limited. The hack didn’t drain TON itself — it hit TAC’s bridge contract, not the TON network.
The reputational damage is the harder problem. Solv Protocol, a Bitcoin DeFi platform with $700M+ in assets, already plans to phase out LayerZero bridging across networks, including TAC. The team is moving to Chainlink CCIP. That kind of housekeeping tends to spread fast after an incident.
If you’ve used the TAC bridge in the past, the safest move right now is to check what permissions you’ve left active. Old token approvals — the standing permissions you grant a smart contract when you first interact with it — can be reused by an attacker long after you’ve stopped using the app.
The post Hackers Drain $2.8M From TAC Protocol Bridge: TON’s DeFi Gateway Under Fire appeared first on Memeburn.
