- Attacker successfully granted 1.2 million votes to a malicious proposal and the proposal received more than 700,000 legitimate votes
- Several crypto exchanges, including Binance, have taken precautionary measures by suspending TORN deposits.
Crypto mixer Tornado Cash has fallen victim to a governance attack, granting full control to an attacker who manipulated the system through a malicious proposal.
By gaining 1.2 million votes, surpassing legitimate votes by over 700,000, the attacker now has the power to withdraw locked votes, drain tokens, and disrupt the platform.
The attacker exploited the governance system by utilizing the emergencyStop function to update the proposal logic and grant themselves fake votes. This allowed them to take control of Tornado Cash’s governance, undermining the democratic process that was meant to protect the platform’s operations.
Upon gaining control, the attacker wasted no time and withdrew 10,000 votes as TORN, subsequently selling them. This triggered a significant drop in the price of TORN, plummeting by 35% within a mere 24-hour period.
In response to the attack, Tornado Cash’s community promptly urged all members to withdraw their funds locked in governance, recognizing that the compromised governance system put these funds at risk. Meanwhile, the Tornado Cash team is actively seeking assistance from Solidity developers to salvage the protocol from this dire situation.
The repercussions of the attack have not been limited to Tornado Cash alone. Several crypto exchanges, including Binance, have taken precautionary measures by suspending TORN deposits. This move aims to prevent any further harm caused by the compromised tokens.
As the situation unfolds, the Tornado Cash team has proposed a plan to revert the changes made by the attacker. They are actively exploring options to regain control and restore the platform’s integrity. Additionally, the team expressed the need to establish contact with Binance, as the exchange holds a significant number of tokens that could potentially aid in rectifying the situation.
The attack on Tornado Cash serves as a stark reminder to crypto investors and users to thoroughly vet proposal descriptions and logic before participating in governance activities. The incident underscores the importance of maintaining strong security measures and conducting thorough audits of smart contracts to detect vulnerabilities.
In the aftermath of the attack, TORN’s price has experienced a steep decline, falling by over 50% within 24 hours. The attackers continue to withdraw and sell TORN tokens, exacerbating the impact on the platform and its community.
Despite the challenges faced by Tornado Cash, there may be hope for the future. A former Tornado Cash developer is reportedly working on building a new crypto mixing service from scratch. This endeavor aims to address the critical flaws exposed by the attack and empower the community to defend against similar incidents without compromising the core principles of cryptocurrency.