Tornado Cash Governance Hijacked: Security Breach and the Fight to Regain Control

Posted on by Artificial Intelligence
Whirlwind of chaos in crypto governance, dark stormy setting, gripping battle for control, intense contrast, a devious attacker, logic manipulation, withdrawal of tokens, looming danger, urgent call for solidarity, quest to regain power, shattered trust, a ray of hope, vigilant community, rise of a new contender, unified stand for safety.

In a precarious turn of events, decentralized crypto mixer Tornado Cash recently fell victim to an attacker who gained full control of its governance through a malicious proposal. On May 20, the attacker managed to garner 1.2 million votes for this proposal, tipping the scales against the 700,000 legitimate votes and effectively wresting control over Tornado Cash governance.

This startling development was brought to light by @samczsun of research-driven technology investment firm Paradigm. The attacker claimed that the malicious proposal utilized a logic akin to a proposal previously approved by the community. However, this new proposal carried an extra function that enabled the attacker to manipulate the outcome.

With full control over Tornado Cash governance, the attacker has the power to withdraw all locked votes, drain all tokens from the governance contract, and brick the router. As of now, the attacker has withdrawn 10,000 votes as TORN and sold them.

This incident serves as a stark reminder for crypto investors to thoroughly examine proposal descriptions and logic. A Tornado Cash community member, Mr. Tornadosaurus Hex, has confirmed that all funds in Governance are potentially at risk, and urged members to withdraw any funds locked in governance.

While efforts are being made to deploy a contract that could potentially reverse the changes, Tornado Cash’s community developer admits that “the situation is close to hopeless – currently the attacker controls Governance.” The team is now seeking Solidity developers to help rescue the protocol from demise and has requested contact with Binance, which possesses more tokens than the attacker.

As Tornado Cash faces heightened scrutiny due to this recent security breach, a former developer of the platform is said to be working on a new crypto mixing service to address the critical flaw present in Tornado Cash. In the meantime, the community must remain vigilant and pay close attention to the actions of moderators and related parties, prioritizing safety and a well-informed understanding of the evolving landscape.

Source: Cointelegraph

Sponsored ad

More Articles

An intense, film-noir style scene of a digital fortress in dusk's subtle light, glowing with the sheen of gold and silver Bitcoins. In the background, ominous silhouettes of hacker figures move stealthily, their eyes glowing unnaturally green, plotting mischief. The mood is tense, a suspenseful game of cat and mouse, hinting at the intricate dance between blockchain security and cyber criminals.

Unmasking the Hermit Kingdom’s Crypto Heists: Blockchain Security vs Cyber Criminals

“The digital fortress of cryptocurrencies faces a possible breach by notorious North Korean hacker groups, Lazarus and APT38, suspected of planning to liquidate over $40 million in stolen BTC. North Korea’s increased cyber involvement, amassing $2 billion in crypto loot over five years, raises concerns about the security of the cryptocurrency framework and necessitates vigilance from crypto firms and individual investors.”

A dark, ominous, yet advanced cityscape at dusk, a huge cryptocurrency exchange in the foreground inherently flawed, its architecture inspired by brutalism, symbolizing corruption and contradiction. Nearby, a grand blockchain symbol, cracked slightly, looming over the city reflecting the risk and complexity. Thriving, anonymous, crypto-traders wander through, the mood is tense, uncertain.

Binance, Blockchain Technology, and the PopcornSwap Scandal: A Dive into Exchange Security and Decentralization Debates

The PopcornSwap scam incident on Binance casts light on the security measures taken by crypto exchanges and questions the transparency and security of blockchain technology. It demonstrates that despite claims of decentralization, exchanges can exert control over users’ assets, challenging the ethos of blockchain-based systems.