The attacker had full control over the mixer’s governance, but a new proposal could change everything.
Tornado Cash, a popular crypto mixer, lost control of its governance to an attacker who used a fraudulent proposal contract to gain thousands of votes. Over the weekend, @samczsun, a researcher at the web3-focused investment firm Paradigm, discovered the attack. According to samczsun’s tweet, the attacker claimed their malicious proposal used the same logic as a previous proposal, without disclosing that they had added an extra function. However, the attacker has since “posted a new proposal to restore the state of governance,” according to a post on the mixer’s community forum.
Attacker Seizes Tornado Cash Governance
As soon as Tornado Cash voters approved the proposal, the exploiter triggered the emergency stop function they had added and swapped in new proposal logic, granting themselves 1.2 million bogus votes. Against just over 700,000 legitimate votes, the attacker now has complete control of the crypto mixer’s governance.
With complete control, the attacker can do whatever they want: withdraw all locked votes, drain all tokens in the governance contract, and brick the router. They cannot, however, drain the individual pools.
“And finally, what can we take away from this? Be cautious about who you vote for! While we all know that proposal descriptions may be deceptive, proposal logic can also be deceptive! If you rely on the verified source code to remain constant, be sure the contract does not have the capacity to self-destruct,” samczsun said.
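As an added example, not code from the article or from the Tornado Cash project, here is a voter-side check in Python for the point samczsun makes: before a proposal executes, walk the proposal contract’s runtime bytecode for SELFDESTRUCT (skipping PUSH data, where a naive byte search gives false positives) and confirm the code at the address still matches what was reviewed; it goes slightly beyond the quote by also flagging DELEGATECALL, another way a contract’s effective logic can change. The sample bytecode is constructed, and the SHA-256 fingerprint is a local snapshot, not the EVM’s keccak codehash.

```python
# Added example (not from the article or Tornado Cash): a voter's check on a
# proposal contract's runtime bytecode before execution. It flags SELFDESTRUCT
# (lets the code at that address be replaced after the vote) and DELEGATECALL
# (logic lives elsewhere), and compares reviewed code to what is on-chain.
import hashlib

PUSH1, PUSH32 = 0x60, 0x7F
FLAGGED = {0xFF: "SELFDESTRUCT", 0xF4: "DELEGATECALL"}

def disassemble(code: bytes):
    """Yield (offset, opcode) for real instructions, skipping PUSH immediates."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        yield pc, op
        pc += 1
        if PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1  # PUSHn carries n data bytes, not opcodes

def flagged_opcodes(code: bytes) -> dict:
    """Map each flagged opcode name to the offsets where it really occurs."""
    found = {}
    for pc, op in disassemble(code):
        if op in FLAGGED:
            found.setdefault(FLAGGED[op], []).append(pc)
    return found

def fingerprint(code: bytes) -> str:
    """Local snapshot hash (plain SHA-256, not the EVM's keccak codehash)."""
    return hashlib.sha256(code).hexdigest()

def review(snapshot: bytes, onchain: bytes) -> list:
    """Return the reasons a voter should refuse to execute this proposal."""
    reasons = []
    if fingerprint(snapshot) != fingerprint(onchain):
        reasons.append("code at proposal address changed since review")
    for name, offsets in flagged_opcodes(onchain).items():
        reasons.append(f"{name} at offsets {offsets}")
    return reasons

# Constructed sample bytecode (not real Tornado Cash contracts).
# BENIGN holds 0xff only as PUSH1 data: PUSH1 0xff PUSH1 0x00 MSTORE STOP
BENIGN = bytes.fromhex("60ff60005200")
# MALICIOUS is CALLER SELFDESTRUCT: the primitive that lets an address be redeployed
MALICIOUS = bytes.fromhex("33ff")

if __name__ == "__main__":
    print("naive 0xff search on BENIGN:", 0xFF in BENIGN)  # True: false positive
    print("disassembly on BENIGN:", flagged_opcodes(BENIGN))  # {}
    print("review after code swap:", review(BENIGN, MALICIOUS))
```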
Over $2.1M TORN Tokens Stolen
According to a tweet from the Web3 media group @WhaleCoinTalk, the exploiter stole 473,000 TORN, the mixer’s native token, worth more than $2.1 million from the governance contract shortly after gaining control of Tornado Cash’s contract. The bad actor sold the tokens on-chain and moved the proceeds back into Tornado. Tornadosaurus-Hex, a Tornado Cash community member, acknowledged that the attack has compromised all funds under governance and asked all members to withdraw the assets they had locked in the contract.
Tornadosaurus-Hex has also tried to deploy a contract that might reverse the changes, while still asking users to withdraw their coins. “Reverting the state changes that the attacker made to the contract directly is a proposed solution for the attack that may be viable. As a result, I’ve deployed a contract that should be able to accomplish this… Please look into it and, if possible, make a proposal.” “Let’s see if we can get it through, or else we’re fucked,” as one community member put it.
The project’s native token dropped precipitously once the news broke. TORN peaked at $7.3 on May 20 but has since lost almost 40% of its value and is now trading at $4.5.