Tornado Cash Attacker Submits Proposal to Revert Governance Control, TORN Down 40% in 2 Days

Popular crypto mixer Tornado Cash lost control of its governance to an attacker who deployed malicious contracts to seize a majority of the vote. The incident was first flagged by @samczsun, a researcher at Web3-focused investment firm Paradigm, over the weekend.

According to samczsun's tweet, the attacker claimed that the malicious proposal used the same logic as an earlier proposal that had already passed, without revealing that an extra function had been added.

In a more recent development, though, "the attacker has posted a new proposal to restore the state of governance," according to a post on the mixer's community forum.

An attacker takes over Tornado's governance system

Immediately after Tornado Cash voters passed the proposal, the exploiter called the emergency stop function and updated the proposal logic to grant themselves 1.2 million fake votes. That exceeds the roughly 700,000 legitimate votes, so the attacker gained full control over governance of the mixer.

With full control, the attacker can do whatever they want, such as withdraw all locked votes, drain all tokens held in the governance contract, and brick the router. However, they cannot drain the individual privacy pools.

"Finally, what can we learn from this? Be careful what you vote for! While we all know proposal descriptions can lie, proposal logic can lie, too! If you rely on verified source code to stay the same, make sure the contracts do not have the ability to self-destruct," samczsun warned.
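The warning above is a concrete check a voter can run before approving a proposal: pull the proposal contract's runtime bytecode and confirm it contains no SELFDESTRUCT (a self-destructed contract can be redeployed at the same address with different logic before the proposal executes) and no DELEGATECALL (which runs whatever code a target contract holds). The scanner below is an added example, not code from the article, from samczsun, or from the Tornado Cash project. It walks the bytecode opcode by opcode, consuming PUSH immediates so that a 0xFF byte inside push data is not mistaken for an instruction, and strips the CBOR metadata trailer that solc appends, which can also contain 0xFF bytes. The two sample bytecodes and the metadata trailer are hand-assembled for the demonstration, not real deployed contracts, and all function names are the example's own.

```python
"""Scan EVM runtime bytecode for opcodes that let "verified" code change or
disappear after a vote: SELFDESTRUCT (0xFF) and DELEGATECALL (0xF4).
Added example; not code from the article or from the Tornado Cash project."""

SELFDESTRUCT = 0xFF
DELEGATECALL = 0xF4
PUSH1, PUSH32 = 0x60, 0x7F
FLAGGED = {SELFDESTRUCT: "SELFDESTRUCT", DELEGATECALL: "DELEGATECALL"}


def strip_metadata(code: bytes) -> bytes:
    """Drop the CBOR metadata trailer solc appends to runtime bytecode.
    Its last two bytes are the big-endian length of the CBOR blob, which is
    a small map (0xa1..0xa3) and may legitimately contain 0xFF bytes."""
    if len(code) < 2:
        return code
    blob_len = int.from_bytes(code[-2:], "big")
    start = len(code) - 2 - blob_len
    if start >= 0 and code[start] in (0xA1, 0xA2, 0xA3):
        return code[:start]
    return code


def disassemble(code: bytes):
    """Yield (pc, opcode, immediate). PUSH immediates are consumed so their
    data bytes are never treated as instructions."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        if PUSH1 <= op <= PUSH32:
            width = op - PUSH1 + 1
            yield pc, op, code[pc + 1 : pc + 1 + width]
            pc += 1 + width
        else:
            yield pc, op, b""
            pc += 1


def find_flagged_opcodes(code: bytes) -> list:
    """Return [(pc, name)] for every real SELFDESTRUCT / DELEGATECALL instruction."""
    return [(pc, FLAGGED[op])
            for pc, op, _ in disassemble(strip_metadata(code)) if op in FLAGGED]


def naive_byte_scan(code: bytes) -> list:
    """The tempting-but-wrong check: grep for the 0xFF byte anywhere."""
    return [i for i, b in enumerate(code) if b == SELFDESTRUCT]


def is_safe_to_vote_on(code: bytes) -> bool:
    return not find_flagged_opcodes(code)


# Constructed (hand-assembled) bytecode, not real deployed contracts.
# Fake solc-style trailer: CBOR map {"ipfs": 0x1220 + 32 bytes of 0xFF}, then its length (42).
METADATA = bytes.fromhex("a1" "64" "69706673" "5822" "1220" + "ff" * 32 + "002a")
# Benign proposal: PUSH1 0xff, PUSH1 0x00, MSTORE, STOP. 0xFF appears only as push data.
BENIGN = bytes.fromhex("60ff" "6000" "52" "00") + METADATA
# Malicious proposal: CALLER, SELFDESTRUCT. Sends the balance to msg.sender and
# erases the code, so the address can be redeployed with different logic.
MALICIOUS = bytes.fromhex("33" "ff") + METADATA


if __name__ == "__main__":
    for name, code in (("benign", BENIGN), ("malicious", MALICIOUS)):
        print(name, "naive 0xFF hits:", len(naive_byte_scan(code)),
              "real flagged opcodes:", find_flagged_opcodes(code))
```

Against the benign sample the naive byte grep reports 33 hits (one push immediate plus the 32 metadata bytes) while the disassembler reports none; against the malicious sample both agree that a SELFDESTRUCT is present. A reviewer would run this against the bytecode fetched from the chain (eth_getCode), not against the source posted with the proposal, since the whole point of the incident is that the source shown to voters need not match what ends up at the address. Since EIP-6780 (the Dencun upgrade), SELFDESTRUCT only removes code when executed in the contract's creating transaction, but DELEGATECALL-based logic swaps remain possible and the check is still worth running.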

Over $2.1 million in tokens stolen

Shortly after seizing control of the Tornado Cash governance contract, the exploiter drained 473,000 TORN, the mixer's native token, worth more than $2.1 million, from the governance contract, according to a tweet from a Web3 media outlet. The bad actor sold the tokens on-chain and deposited the proceeds back into Tornado Cash.

Tornadosaurus-Hex, an active member of the Tornado Cash community, confirmed that the attack affected all funds held in governance and urged all members to withdraw any assets they had locked in the contract.

While urging users to withdraw their funds, Tornadosaurus-Hex also attempted to publish a contract that could reverse the changes.

"A proposed solution to the attack that might be applicable is to revert the state changes made by the attacker to the contracts directly. As such, I've deployed a contract that should be able to do exactly that... Please check it out and, if possible, suggest. Let's see if we can make it happen, otherwise we'll be taken advantage of for word of mouth," said the community member.

Somewhat predictably, the project's token dropped after the news broke. TORN was trading at $7.3 on May 20 but lost nearly 40% of its value over the following days and now sits at $4.5.
