Tornado Cash Hack: Hacker Offers to Revert Attack While Mixing 360 ETH

It is uncertain if the hacker is friendly as they keep taking more funds and mixing them.

A hacker with a fake smile posing for the camera.
Created by Gabor Kovacs from DailyCoin
  • A hacker managed to gain total control of Tornado Cash’s governance.
  • While trying to mitigate damages, the hacker reached out with a friendly proposal.
  • Many remain skeptical of the hacker’s true intentions.

Tornado Cash gained infamy when its developer Alexey Pertsev was arrested, and the protocol was banned in the U.S. However, Tornado Cash is again in the news as a hacker has taken full control of the DAO

On May 20, a hacker gained complete control of Tornado Cash’s governance through a malicious proposal. However, a few hours into their attack, the hacker proposes handing governance control back to the DAO.

A Malicious Proposal

The attacker managed to grant 1.2 million votes to a malicious proposal successfully. All that was needed in the DAO was for the proposal to receive more than 700,000 legitimate votes. Thus the hacker gained total control over Tornado Cash governance.

Sponsored

This control allows the attacker to withdraw all the locked votes, drain all of the tokens in the governance contract, and brick the router if they so choose. 

To begin, the attacker took control and withdrew 10,000 votes as TORN – the native crypto – and sold it. The price of TORN preceding the hack was around $6.50 meaning the hacker managed to get ~$65,000.

Sponsored

One community member stated that all funds in governance were potentially compromised and asked members to withdraw all funds locked in governance. There was also a proposal to try and revert state changes, but this is where the hacker returned with his own ideas.

A New Proposal

According to the Tornado Cash community member –  Mr. Tornadosaurus Hex (Hex) – the hacker reached out with a new proposal, suggesting they may give back the governance control.

An email about an attacker new proposal to restore the state of governance (potentially).

The above image, taken from the Tornado Cash forums, outlines the proposal and the hacker’s plan to restore the state of governance. There appear to be minimal options for the Tornado Cash community as Hex confirmed the slot matching, proving the hacker has control over the governance. 

Hex said on the proposal: “I mean note that we don’t even have a choice in regards to this proposal but it is still important nonetheless.”

Taking More Crypto and Mixing it

As the hack continues to play out, it has emerged that the attacker swapped TORN tokens using to ETH using 1nch and other DeFi protocols before depositing the proceeds back into the mixing service they have control of. 

According to data scientist Martin Lee, wallets associated with the exploiter still hold around 125 ETH and 38,000 TORN taken from the protocol.

On the Flipside

  • The impact of the hack has been dramatic to TORN’s price. The token of Tornado Cash fell from around $6.50 to a low of $3.60 in the wake of the hack.

Why This Matters

Tornado Cash is a protocol in the regulatory sites, and a hack of this magnitude will not help clear its name in any sense. Crypto hacks and attacks continue to plague the space and are also doing significant reputational damage to crypto. 

Read more about the arrest of Pertsev:

Tornado Cash Developer to Stay Behind Bars Until February.

Read more about the ‘unjust’ shutdown of Signature Bank:

“The Bank was Solvent”: Crypto-Friendly Signature Bank Unjustly Shutdown?

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Author
Darryn Pollock

Darryn Pollock is a South African-born, UK-based journalist and content writer for DailyCoin with a focus on regulation and legislation revolving around the cryptocurrency space. He has covered the evolving crypto regulatory space, and examined how the US has approached law-making to offer protection in the growth of innovation. Darryn values traditional journalistic principles of truth, accuracy, independence, fairness, and impartiality, and has a Bachelor of Arts degree in Journalism and Law from Rhodes University in South Africa.