Tornado Cash Governance Hijacked: Security Breach and the Fight to Regain Control

In a precarious turn of events, decentralized crypto mixer Tornado Cash recently fell victim to an attacker who gained full control of its governance through a malicious proposal. On May 20, the attacker managed to garner 1.2 million votes for this proposal, tipping the scales against the 700,000 legitimate votes and effectively wresting control over Tornado Cash governance.

This startling development was brought to light by @samczsun of research-driven technology investment firm Paradigm. The attacker claimed that the malicious proposal used logic similar to a proposal the community had previously approved. However, this new proposal carried an extra function that enabled the attacker to manipulate the outcome, so the description voters read did not match what the proposal's code could actually do.

With full control over Tornado Cash governance, the attacker has the power to withdraw all locked votes, drain all tokens from the governance contract, and brick the router. As of now, the attacker has withdrawn 10,000 votes as TORN and sold them.

This incident serves as a stark reminder for crypto investors to thoroughly examine not only a proposal's description but also the actual logic it executes before voting for it. A Tornado Cash community member, Mr. Tornadosaurus Hex, has confirmed that all funds in Governance are potentially at risk, and urged members to withdraw any funds locked in governance.

While efforts are being made to deploy a contract that could potentially reverse the changes, Tornado Cash’s community developer admits that “the situation is close to hopeless – currently the attacker controls Governance.” The team is now seeking Solidity developers to help rescue the protocol from demise and has requested contact with Binance, which possesses more tokens than the attacker.

As Tornado Cash faces heightened scrutiny due to this recent security breach, a former developer of the platform is said to be working on a new crypto mixing service to address the critical flaw present in Tornado Cash. In the meantime, the community must remain vigilant and pay close attention to the actions of moderators and related parties, prioritizing safety and a well-informed understanding of the evolving landscape.

Source: Cointelegraph