Tornado Cash Hijacked; Hackers Take Control Of Governance

Tornado Cash Hijacked; Hackers Take Control Of Governance
Table of Contents

Tornado Cash, the infamous cryptocurrency mixer, suffered another setback as an attacker managed to seize full control of the platform’s governance through a malicious proposal.

According to reports, Samczsun, a security researcher at crypto investment firm Paradigm, revealed on Twitter that an attacker granted themselves 1.2 million fake votes on Saturday. As the fake votes exceeded the 700,000 legitimate votes, it allowed the attacker to gain full control over the governance of Tornado Cash.

With complete control over Tornado Cash’s governance, the attacker proceeded to withdraw 10,000 votes as TORN and subsequently sold them for personal gain. The unversed Tornado Cash token (TORN) is the governance token of the crypto mixer.

Hacker Submits Proposal To Undo Attack

In response to the attack, Tornado Cash’s active community member known as Tornadosaurus-Hex confirmed that all funds within the Governance system were potentially compromised. They urged all members to withdraw their locked funds from governance to safeguard their assets. However, shortly after the attack, a proposal was submitted by a wallet address linked to the recent attack, suggesting reversing  the malicious changes.

Tornadosaurus-Hex wrote in the Tornado Cash community forum, “The attacker posted a new proposal to restore the state of governance”, adding there is a “good chance” that the attacker would execute it. The user claimed the attacker is reverting the hijacked TORN tokens, which gave them a controlling share of the governance votes, back to zero.

Hacker Submits Proposal To Undo Attack

When the proposal passes, the malicious code that the attacker integrated into the protocol, which allowed them to steal voting power from others, will be removed, and the governance of Tornado Cash’s DAO will go back to token holders.

Tornado Cash’s Chronic Troubles

Following the news, TORN jumped 6.22% in the last 24 hours to trade at $4.62. However, the token is still reeling under severe pressure over the past seven days due to the recent hijack. Meanwhile, 0xdeadf4ce, an active member of the TORN community, pointed out that this might all be a “gigatroll” to depress the price of the token to increase their holdings at a discount.

The decentralized currency mixer was sanctioned by the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) on August 8, 2022, for allowing hackers to launder nearly $7 billion in cryptocurrency since 2019. As per the United States Treasury Department, Tornado Cash had served as a key tool for the Lazarus Group, a North Korean hacking group tied to the $625 million hack of Axie Infinity’s Ronin Network in March 2022.


Follow us on Social Networks

Crypto Tutorials

Crypto Reviews