- A hacker managed to gain total control of Tornado Cash’s governance.
- While the community was trying to mitigate the damage, the hacker reached out with a friendly proposal.
- Many remain skeptical of the hacker’s true intentions.
Tornado Cash gained infamy when its developer Alexey Pertsev was arrested, and the protocol was banned in the U.S. However, Tornado Cash is again in the news as a hacker has taken full control of the DAO.
On May 20, a hacker gained complete control of Tornado Cash’s governance through a malicious proposal. However, a few hours into the attack, the hacker proposed handing governance control back to the DAO.
A Malicious Proposal
The attacker managed to grant 1.2 million votes to a malicious proposal. All the proposal needed in the DAO was to receive more than 700,000 legitimate votes, so the hacker gained total control over Tornado Cash governance.
This control allows the attacker to withdraw all the locked votes, drain all of the tokens in the governance contract, and brick the router if they so choose.
To begin, the attacker took control, withdrew 10,000 votes as TORN, the native crypto, and sold them. The price of TORN preceding the hack was around $6.50, meaning the hacker managed to get ~$65,000.
One community member stated that all funds in governance were potentially compromised and asked members to withdraw all funds locked in governance. There was also a proposal to try and revert state changes, but this is where the hacker returned with his own ideas.
A New Proposal
According to the Tornado Cash community member – Mr. Tornadosaurus Hex (Hex) – the hacker reached out with a new proposal, suggesting they may give back the governance control.
The proposal, as posted on the Tornado Cash forums, outlines the hacker’s plan to restore the state of governance. The Tornado Cash community appears to have few options, as Hex confirmed the slot matching, proving the hacker has control over the governance.
Hex said on the proposal: “I mean note that we don’t even have a choice in regards to this proposal but it is still important nonetheless.”
Taking More Crypto and Mixing it
As the hack continues to play out, it has emerged that the attacker swapped TORN tokens to ETH using 1inch and other DeFi protocols before depositing the proceeds back into the mixing service they have control of.
According to data scientist Martin Lee, wallets associated with the exploiter still hold around 125 ETH and 38,000 TORN taken from the protocol.
On the Flipside
- The hack has had a dramatic impact on TORN’s price. The token of Tornado Cash fell from around $6.50 to a low of $3.60 in the wake of the hack.
Why This Matters
Tornado Cash is a protocol in regulators’ sights, and a hack of this magnitude will not help clear its name in any sense. Crypto hacks and attacks continue to plague the space and are also doing significant reputational damage to crypto.