ETH
by BSCN
May 21, 2023
Absolute control over the governance enables the exploiter to withdraw all the locked votes, drain all of the tokens in the governance contract, and brick the router.
Tornado Cash, the decentralized crypto mixer, is facing yet another challenge as an attacker has reportedly seized control of the protocol's governance through a malicious proposal.Â
On May 20, at 7:25 UTC, an attacker successfully granted themselves 1,200,000 votes through a malicious proposal. With the proposal receiving more than 700,000 legitimate votes, the attacker gained full control. The news was shared by @samczsun of research-driven technology investment firm, Paradigm.Â
@samczsun disclosed that the attacker introduced an additional function to the malicious proposal, employing the same logic as a previously approved proposal.Â
“Once the proposal was passed by voters, the attacker simply used the emergencyStop function to update the proposal logic to grant themselves the fake votes”.
Complete control over the governance allows the exploiter to withdraw all of the locked votes, drain all of the tokens in the governance contract, and brick the router. This, however, does not allow them to drain individual pools.Â
Tornado Cash has confirmed on its forum that all funds held within the governance are potentially compromised. As a precautionary measure, users have been advised to immediately withdraw any locked funds. Additionally, in the early hours of today, PeckShieldAlert revealed that the Tornado Cash Governance Exploiter has deposited 6000 to crypto exchange Bitrue, and swapped approximately 380,000 $TORN for $ETH, and further transferred 372 $ETH into Tornado Cash.Â
The exploit serves as a reminder for crypto investors and protocols to thoroughly evaluate proposal descriptions and logic.
Tornado Cash is a decentralized and non-custodial privacy solution that allows users to send and receive Ethereum (ETH) anonymously. The protocol uses zero-knowledge proofs and other cryptographic techniques to ensure that transactions are untraceable and unlinkable.
Where to find Tornado Cash:
Latest News
December 4, 2024
Ex-Celsius CEO Alex Mashinsky Pleads Guilty in Major Crypto Fraud Case
December 4, 2024
Grayscale Joins Race for Spot Solana ETF
December 4, 2024
South Korea Hits Record $34B in 24-Hour Crypto Trading Volume Amid Emergency Martial Law
December 3, 2024
Chainlink Partners with 21X to Launch First EU-Regulated Tokenized Securities Market
December 3, 2024
Crypto Exchange Volume Hits $2.9T in November, Highest Since May 2021
December 3, 2024
MicroStrategy Acquires Additional $1.5B Bitcoin, Expands Holdings to 402,100
December 2, 2024
Discover the Future of Trading with FATTY and Its FatBot, a Tool Poised for the Top 5 in the Market
December 2, 2024
DMM Bitcoin to Liquidate After $320M Hack