
TesseraDAO TSR Mint Exploit:
99M Tokens Created and Sold for $2.4M

TesseraDAO's TSR token on BNB Chain crashed after an attacker reportedly minted roughly 98M-99M TSR, sold the inflated supply for about $2.4M-$2.5M, bridged proceeds to Ethereum, and sent approximately 1,285.5 ETH through Tornado Cash.

  • Incident Date: June 2, 2026
  • Target: TesseraDAO / TSR token on BNB Chain
  • Target Overview: TesseraDAO is a BNB Chain project with the TSR token at the center of the reported incident. Public sources described the exploit as an unauthorized or compromised privileged mint path, not as a consensus-layer issue or a vulnerability in BNB Chain itself.
  • Reported Exploit Transaction: 0x25093e573c116562c8839dc67a15ac21761271006a8dfe50b18fa475564bfcd1
  • Minted Supply: Public reporting described roughly 98 million to 99 million TSR minted without legitimate authorization.
  • Total Loss: Approximately $2.4 million to $2.5 million, with multiple reports saying the attacker sold the minted TSR for about 2.4M USDT.
  • Market Impact: TSR reportedly fell by roughly 99% after the unauthorized supply entered the market.
  • Known Fund Flow: Reports said proceeds were bridged to Ethereum and about 1,285.5 ETH was sent through Tornado Cash.
  • Recovery Status: No public final post-mortem, confirmed reimbursement plan, or complete recovery status had been identified in the reviewed sources.
  • Attack Vector: Unauthorized Token Mint / Compromised Admin or Minter Key / Privileged Role Abuse / Supply Inflation / DEX Liquidity Drain / Cross-Chain Laundering

Incident Review & Technical Details

1. Attack Path

  1. A Privileged Mint Surface Became Reachable: Public reporting described the attacker as using a compromised admin or minter capability to create a large amount of TSR on BNB Chain. Whether the root access came from a leaked key, weak role management, or another authorization failure had not been proven by a project-owned post-mortem in the reviewed sources.
  2. Unauthorized TSR Was Minted at Scale: The exploit transaction was reported to have created roughly 98M-99M TSR in a single call, invalidating in one block every circulating-supply assumption priced into the TSR market.
  3. Inflated Supply Was Sold Into Market Liquidity: The attacker then sold the newly minted TSR into available liquidity, with reports estimating proceeds around 2.4M USDT.
  4. TSR Price Collapsed: Because the market was forced to absorb a sudden unauthorized supply expansion, TSR reportedly lost roughly 99% of its value.
  5. Proceeds Were Consolidated and Bridged: Public fund-flow reporting said the attacker moved proceeds away from BNB Chain and bridged value to Ethereum.
  6. ETH Was Sent Through Tornado Cash: Reports said approximately 1,285.5 ETH was deposited into Tornado Cash, reducing the practical recovery window and increasing attribution difficulty.
  7. No Final Technical Disclosure Was Available: At the time of writing, public coverage had not provided a verified contract-level patch, privileged-role timeline, key-compromise confirmation, or definitive recovery outcome.

2. Impact Scope

  • Direct Economic Impact: Public estimates ranged from about $2.4 million to $2.5 million.
  • Affected Network: The reported mint and sell activity centered on BNB Chain, while later fund movement involved Ethereum.
  • Affected Asset: TSR, through sudden unauthorized supply creation and market liquidation.
  • Market Damage: TSR reportedly dropped roughly 99%, which means the incident harmed not only protocol-held value but also external holders exposed to the secondary market.
  • Liquidity Damage: The attacker extracted value by selling unauthorized supply into available token liquidity, leaving legitimate holders with a heavily diluted asset.
  • Unaffected Components: The reviewed sources did not identify a BNB Chain consensus failure, Tornado Cash vulnerability, or DEX protocol exploit. The core failure appears to sit around TesseraDAO's privileged token-control surface.
  • Disclosure Gap: Public reports did not yet include an official final post-mortem confirming the exact compromised role, key custody path, patch, residual privileged addresses, or user remediation plan.

3. Root Cause Assessment

This incident is best understood as a privileged mint-control failure. A token mint function is one of the highest-risk controls in any asset contract: if an attacker can reach it, they do not need to drain a vault directly. They can create supply, sell into liquidity, and transfer the economic loss to holders and liquidity providers.

Key risk patterns to examine:

  • Mint Authority Was Too Powerful: A role that can create tens of millions of tokens in a single path is effectively a treasury-drain capability.
  • Supply-Cap Enforcement Was Insufficient or Absent: A hard cap, per-epoch mint ceiling, or governance-delayed mint schedule could have limited the immediate blast radius.
  • Privileged Role Compromise Became Market Extraction: If an admin or minter key was compromised, the attacker could convert role access into liquid funds without touching normal withdrawal functions.
  • No Effective Delay Was Evident: Large mints should normally pass through timelocks, multi-signature approval, emission schedules, or on-chain challenge windows.
  • Monitoring Did Not Stop the Sell Path Fast Enough: Even if the abnormal mint was detectable the moment the Transfer from the zero address was emitted, the attacker was able to sell and bridge proceeds before any containment took effect. When a mint and the first sale can land in the same transaction or within a few blocks, an alert that waits for a human is already too late; the response has to be an automated pause driven by the same signal.
  • Cross-Chain Movement Reduced Recovery Odds: Once proceeds were bridged to Ethereum and deposited into Tornado Cash, exchange-freeze and direct recovery options narrowed significantly.

The core invariant should have been strict: no single key, hot admin, or immediately executable role should be able to mint a market-moving quantity of TSR without independent approval, delay, supply-limit checks, and automated emergency response.
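The invariant above, as an added example of the control layer it calls for: a plain Python model (not TesseraDAO's contract, and not a Solidity implementation) of a mint controller that enforces a hard cap, a per-epoch mint ceiling, a timelock and an approval threshold, then simulates what a single compromised signer key can and cannot do. The cap, ceiling, delay, signer names, timestamps and amounts are assumptions chosen to make each check visible.

```python
"""Model of a hardened mint-control policy: hard cap, per-epoch mint ceiling,
timelock delay and an approval threshold before any mint executes.
Added illustration only; not TesseraDAO's contract. Every name, limit and
amount here is an assumption."""
from dataclasses import dataclass, field


class PolicyViolation(Exception):
    """Raised where an on-chain implementation would revert."""


@dataclass
class MintProposal:
    to: str
    amount: int                         # whole tokens, for readability
    queued_at: int                      # unix timestamp when queued
    approvals: set = field(default_factory=set)
    executed: bool = False


class MintController:
    def __init__(self, *, cap, epoch_ceiling, epoch_length, delay, signers, threshold):
        self.cap = cap                      # hard maximum totalSupply
        self.epoch_ceiling = epoch_ceiling  # most that may be minted per epoch
        self.epoch_length = epoch_length    # epoch length in seconds
        self.delay = delay                  # timelock between queue and execute
        self.signers = frozenset(signers)
        self.threshold = threshold          # independent approvals required
        self.total_supply = 0
        self.minted_in_epoch = {}           # epoch index -> amount minted so far
        self.proposals = []

    def _require_signer(self, signer):
        if signer not in self.signers:
            raise PolicyViolation("not a signer")

    def _check_limits(self, amount, now):
        """Cap and ceiling checks shared by propose() and execute()."""
        if amount <= 0:
            raise PolicyViolation("zero mint")
        if self.total_supply + amount > self.cap:
            raise PolicyViolation("hard cap exceeded")
        epoch = now // self.epoch_length
        if self.minted_in_epoch.get(epoch, 0) + amount > self.epoch_ceiling:
            raise PolicyViolation("per-epoch ceiling exceeded")
        return epoch

    def propose(self, signer, to, amount, now):
        """Queue a mint; the proposer's own key counts as one approval."""
        self._require_signer(signer)
        self._check_limits(amount, now)     # reject oversized requests at queue time
        p = MintProposal(to, amount, now)
        p.approvals.add(signer)
        self.proposals.append(p)
        return len(self.proposals) - 1

    def approve(self, signer, pid):
        self._require_signer(signer)
        self.proposals[pid].approvals.add(signer)

    def execute(self, pid, now):
        p = self.proposals[pid]
        if p.executed:
            raise PolicyViolation("already executed")
        if len(p.approvals) < self.threshold:
            raise PolicyViolation("insufficient approvals")
        if now < p.queued_at + self.delay:
            raise PolicyViolation("timelock not elapsed")
        epoch = self._check_limits(p.amount, now)   # limits re-checked at execution time
        p.executed = True
        self.minted_in_epoch[epoch] = self.minted_in_epoch.get(epoch, 0) + p.amount
        self.total_supply += p.amount


def simulate_compromised_key():
    """Attacker holds exactly one signer key ('ops'); record what each attempt yields."""
    c = MintController(cap=200_000_000, epoch_ceiling=1_000_000, epoch_length=86_400,
                       delay=48 * 3_600, signers={"ops", "treasury", "security"},
                       threshold=2)
    t0 = 1_000_000                      # arbitrary start timestamp (assumption)
    outcome = {}

    def attempt(label, action):
        try:
            action()
            outcome[label] = "ok"
        except PolicyViolation as err:
            outcome[label] = str(err)

    # A 99M mint in one call is blocked by the epoch ceiling before any vote happens.
    attempt("mint_99m_single_key", lambda: c.propose("ops", "0xattacker", 99_000_000, t0))
    # Within the ceiling, one key can only queue; it cannot execute alone or early.
    pid = c.propose("ops", "0xattacker", 1_000_000, t0)
    attempt("execute_one_approval", lambda: c.execute(pid, t0 + c.delay))
    c.approve("treasury", pid)          # a second, independent signer
    attempt("execute_before_delay", lambda: c.execute(pid, t0 + 3_600))
    attempt("execute_after_delay", lambda: c.execute(pid, t0 + c.delay))
    outcome["total_supply"] = c.total_supply
    # The epoch budget is now spent, so even a 1-token follow-up is refused.
    attempt("second_mint_same_epoch", lambda: c.propose("ops", "0xtreasury", 1, t0 + c.delay))
    return outcome
```

Running simulate_compromised_key() shows the point of layering: the ceiling alone stops the 99M mint, and even an amount inside the ceiling cannot be executed by one key or before the delay. Re-checking the limits at execution time matters because the supply and the epoch budget can move between queueing and execution.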

4. Mitigation and Response

Recommended actions for token projects, DAO operators, and ecosystem monitors:

  • Immediately revoke, rotate, or disable any admin, minter, upgrader, or emergency role suspected of compromise.
  • Publish the complete transaction set, affected contract addresses, role history, current privileged address list, and whether mint authority remains live.
  • Add hard maximum supply constraints and per-period mint ceilings enforced directly in the token contract.
  • Route all privileged minting, role grants, implementation upgrades, and treasury-sensitive changes through a multi-signature wallet plus timelock.
  • Require independent approval for market-moving mints and bind each mint authorization to amount, recipient, nonce, deadline, chain ID, and verifying contract (the EIP-712 domain and message fields), so a captured signature cannot be replayed on another chain, against another contract, or for a different amount.
  • Add automated alerts for Transfer events from the zero address (every mint emits one), for supply increases above a set fraction of totalSupply, and for role grants, admin transfers, upgrade events, and sudden DEX sell pressure from a fresh mint recipient.
  • Prepare circuit breakers that can pause minting, pause protocol-controlled liquidity interactions, and trigger user-facing warnings when abnormal supply changes occur.
  • Monitor bridge routes, Tornado Cash deposits, and exchange-bound fund flows tied to attacker wallets, then coordinate abuse reports quickly where centralized touchpoints appear.
  • Run post-incident key-custody review covering signer devices, deployer wallets, CI secrets, multisig thresholds, role separation, and operational access logs.
  • Convert the incident into regression tests for unauthorized mint calls, compromised-role simulations, supply-cap bypasses, missing timelocks, large sell sequences, and bridge-out flows.
  • Publish a final post-mortem that distinguishes confirmed facts from assumptions: root cause, compromised role or key path, patch status, recovery status, and holder remediation.
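One way to implement the mint and sell-pressure alerts in the list above, as an added example rather than the project's monitoring: the rules are replayed offline over a constructed set of ERC-20/BEP-20 Transfer logs and a tracked totalSupply. The token, treasury, attacker and pool addresses, the amounts, the thresholds and the pre-mint supply are invented, and the events are not decoded from the reported exploit transaction; only the Transfer topic hash is a real constant.

```python
"""Detection rules for unauthorized-mint patterns over ERC-20/BEP-20 Transfer
logs (a mint is a Transfer whose `from` is the zero address).
Added example with constructed sample logs; not TesseraDAO's monitoring, and
the events are NOT decoded from the reported exploit transaction."""
from typing import Optional

ZERO_ADDRESS = "0x" + "00" * 20
# keccak256("Transfer(address,address,uint256)"): topics[0] of every Transfer log
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"


def topic_to_address(topic: str) -> str:
    """Indexed address topics are the 20-byte address left-padded to 32 bytes."""
    return "0x" + topic[-40:].lower()


def decode_transfer(log: dict) -> Optional[dict]:
    """Return a decoded Transfer event, or None for any other event."""
    topics = log["topics"]
    if len(topics) != 3 or topics[0].lower() != TRANSFER_TOPIC:
        return None
    return {
        "block": log["blockNumber"],
        "index": log["logIndex"],
        "tx": log["transactionHash"],
        "from": topic_to_address(topics[1]),
        "to": topic_to_address(topics[2]),
        "value": int(log["data"], 16),      # uint256 in the data field
    }


def scan_transfers(logs, supply_before, pools, *, abs_threshold, pct_threshold, sell_window):
    """Replay Transfer logs against a tracked totalSupply and emit alerts for:
      LARGE_MINT     : one mint above an absolute size or above a fraction of
                       the pre-mint supply
      MINT_THEN_SELL : a mint recipient moving tokens into a known DEX pool
                       within `sell_window` blocks of the mint
    Returns (supply_after, alerts)."""
    supply = supply_before
    alerts = []
    recent_mints = {}   # recipient -> block of the last mint it received
    events = [e for e in map(decode_transfer, logs) if e is not None]
    for ev in sorted(events, key=lambda e: (e["block"], e["index"])):
        if ev["from"] == ZERO_ADDRESS:
            share = ev["value"] / supply if supply else float("inf")
            if ev["value"] >= abs_threshold or share >= pct_threshold:
                alerts.append({"rule": "LARGE_MINT", "tx": ev["tx"], "to": ev["to"],
                               "value": ev["value"], "share_of_supply": round(share, 4)})
            supply += ev["value"]
            recent_mints[ev["to"]] = ev["block"]
        elif ev["to"] == ZERO_ADDRESS:
            supply -= ev["value"]   # burn
        if (ev["to"] in pools and ev["from"] in recent_mints
                and ev["block"] - recent_mints[ev["from"]] <= sell_window):
            alerts.append({"rule": "MINT_THEN_SELL", "tx": ev["tx"], "seller": ev["from"],
                           "pool": ev["to"], "value": ev["value"]})
    return supply, alerts


# ---- constructed sample (all addresses, hashes and amounts are invented) ----
TOKEN, TREASURY = "0x" + "11" * 20, "0x" + "22" * 20
ATTACKER, POOL = "0x" + "aa" * 20, "0x" + "bb" * 20
DECIMALS = 10 ** 18


def _topic(addr: str) -> str:
    return "0x" + "00" * 12 + addr[2:].lower()


def _transfer_log(block, index, tx, frm, to, value):
    return {"address": TOKEN, "blockNumber": block, "logIndex": index,
            "transactionHash": tx, "topics": [TRANSFER_TOPIC, _topic(frm), _topic(to)],
            "data": hex(value)}


# A small scheduled emission, then a supply-sized mint sold into a pool in the same block.
SAMPLE_LOGS = [
    _transfer_log(100, 0, "0x" + "01" * 32, ZERO_ADDRESS, TREASURY, 10_000 * DECIMALS),
    _transfer_log(200, 0, "0x" + "02" * 32, ZERO_ADDRESS, ATTACKER, 99_000_000 * DECIMALS),
    _transfer_log(200, 1, "0x" + "02" * 32, ATTACKER, POOL, 99_000_000 * DECIMALS),
]


def run_demo():
    supply, alerts = scan_transfers(SAMPLE_LOGS, supply_before=100_000_000 * DECIMALS,
                                    pools={POOL}, abs_threshold=1_000_000 * DECIMALS,
                                    pct_threshold=0.01, sell_window=5)
    return {"supply": supply, "alerts": alerts}
```

The scheduled 10,000-token emission stays silent, the 99M mint trips LARGE_MINT on both the absolute and the percentage rule, and the immediate transfer to the pool trips MINT_THEN_SELL in the same block. In production the log source would be an RPC eth_getLogs subscription filtered on the token address and TRANSFER_TOPIC, and a LARGE_MINT hit should feed the automated pause rather than only a pager.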

AUTOSEC.DEV Solution: Building a 360-Degree Defense

The TesseraDAO TSR incident shows why token security must treat mint authority as a live economic control, not a routine admin feature. A compromised minter can create sellable value instantly and push losses into the market before teams can coordinate a response.

  1. Token Privilege & Supply-Control Review: AUTOSEC.DEV reviews mint roles, burn roles, caps, emission schedules, timelocks, multisig ownership, upgrade paths, and emergency controls.
  2. Key-Custody & DAO Operations Assessment: We assess signer custody, admin wallet hygiene, multisig thresholds, deployment secrets, role rotation, and incident playbooks for privileged token systems.
  3. On-Chain Monitoring & Circuit Breakers: We build alerts for abnormal minting, role changes, supply spikes, DEX sell pressure, bridge movements, mixer deposits, and emergency-pause triggers.
  4. Incident Response (IR): AUTOSEC.DEV supports exploit reconstruction, fund-flow tracing, emergency role revocation, exchange and bridge coordination, user communication, and post-incident hardening.
