TesseraDAO, a decentralized finance project on BNB Chain, has been hit by a severe security incident that has effectively destroyed the value of its governance and utility token, $TSR.According to alerts from blockchain security firm PeckShieldAlert and on-chain investigator Specter, an attacker minted approximately 99 million TSR tokens through the project’s smart contract. The exploiter then rapidly sold the newly minted tokens on the market, extracting around $2.5 million in USDT. The stolen funds were subsequently bridged from BNB Chain to Ethereum, after which 1,285.5 ETH was laundered through the privacy mixer Tornado Cash.
#PeckShieldAlert Specter has reported that 99M $TSR was minted and dumped (-99%) on #BNBchain ~19 hours ago @TesseraDao.
The exploiter swapped the $TSR for ~2.5M $USDT, bridged the stolen funds to #Ethereum, and has already laundered 1,285.5 $ETH via #TornadoCash. pic.twitter.com/6cXKDyQi9l
— PeckShieldAlert (@PeckShieldAlert) June 2, 2026
The exploit address associated with the incident is 0x2201…f2Dd8. Security researchers and on-chain analysts strongly suspect that this was not a conventional external hack but rather an insider attack or the exploitation of a hidden backdoor. Reports indicate that minting privileges and certain critical functions (including MultiTransfer) were controlled exclusively by deployer-related addresses. Some analysts have described it as a rug pull-style operation executed via compromised or privileged access.This incident highlights a recurring vulnerability in smaller DeFi projects: the presence of centralized minting capabilities and privileged administrative functions in smart contracts, which can be catastrophic if the controlling keys are compromised or misused.
The TesseraDAO exploit also comes amid a wider wave of BNB Chain-related security incidents in 2026. In a separate attack reported recently, DxSale’s legacy liquidity lockers were drained of approximately $7.3 million after attackers exploited weaknesses tied to outdated locker contracts, further raising concerns about poor contract architecture and centralized controls across smaller DeFi ecosystems.
The massive dump of minted tokens caused $TSR to lose nearly 99% of its value within hours. The token price plummeted to microscopic levels (around $0.0002), with liquidity drying up and trading volume collapsing. Retail investors holding the token have suffered significant losses, and the project’s market capitalization has been virtually wiped out.As of the latest updates, the TesseraDAO team has not issued any official statement regarding the exploit. The project’s website and social media channels remain silent on the matter, leaving the community without clear guidance.
This exploit adds to the list of security incidents that continue to plague smaller DeFi protocols in 2026, even as larger institutional players push forward with regulated blockchain initiatives. While major platforms invest heavily in audits and security, many smaller projects still carry risks due to poor contract design, centralized controls, or insufficient oversight.On-chain investigators continue to monitor the movement of the laundered funds. It remains to be seen whether any portion of the stolen assets can be recovered or if the TesseraDAO team will take steps toward remediation, such as contract migration or compensation attempts.This story is developing rapidly. Further updates are expected if the project issues a response or if additional on-chain developments emerge.
