The TON Application Chain (TAC) project has moved from a security crisis to a resolution after a cross-chain bridge exploit on May 12 drained approximately $2.8 million in digital assets. In a surprising turn, the attacker agreed to return the majority of the funds in exchange for a 10% white hat bounty, leading TAC to reclassify the incident.
The exploit targeted TAC’s bridge on the TON network, specifically compromising native TON Jettons bridged from TON, with stolen tokens including USDT, BLUM, and tsTON. TAC immediately paused the bridge and confirmed that its native TAC token, TON, and all ERC-20 tokens were unaffected. The foundation pledged to sell treasury-held TAC tokens in a legally structured sale to fully compensate users, a commitment that helped stabilize community sentiment.
By May 14, the team announced the hacker had taken up the offer, returning funds to designated multisig wallets on Ethereum and TON. The white hat bounty totals roughly 13 ETH + 300ZEC, equivalent to $280,000 (10% of $2.8 million). TAC coordinated with security partner SEAL 911 and law enforcement, suspending any litigation against the hacker.
The incident had a significant impact on TAC’s market: the TAC token price dropped over 21% within the week, and its market capitalization fell from $91 million to $79 million. The protocol’s total value locked (TVL) shrank to about $2.74 million, nearly equal to the stolen sum. This security breach adds to a series of cross-chain vulnerabilities in early May 2026, including a $1.88 million exploit on Transit Finance and smaller private key compromises flagged by GoPlus Security. Despite the recovery, TAC’s bridge remains paused, and the team has not yet provided a timeline for resuming operations.
