Anonymous Hacker Returns Control of Tornado Cash Governance Following Exploitation
An undisclosed past proposal gains approval, leading to the restoration of control after the malicious activities targeting Tornado Cash.
According to recent reports, an unidentified individual has seized control of the governance system of Tornado Cash, an OFAC-sanctioned mixer that obscures cryptocurrency transactions. The attacker exploited a malicious governance proposal, using a large number of fabricated votes to take over the governance system.
While the immediate impact on the protocol is not readily apparent, the assailant still retains control over a substantial portion of the DAO’s funds. Ronghui Gu, a co-founder of CertiK, a reputable blockchain security and auditing firm, raises concerns regarding the potential deterioration and stagnation of Tornado Cash’s future development prospects.
This form of attack has become increasingly prevalent, prompting Gu to advocate for third-party audits of DAO code to safeguard against hostile takeovers. However, the process of auditing every proposal results in slower voting and implementation procedures, accompanied by significant financial implications.
In a surprising turn of events, the assailant’s proposal suspiciously garners overwhelming support and passes on Friday, as reported by Fortune. Consequently, any member of the DAO can execute the proposal within the subsequent 48 hours, thereby undoing most of the changes and reinstating control to the community. Nevertheless, the governance system suffered losses surpassing $1 million during the perpetrator’s week-long reign. It remains uncertain whether the attacker possesses genuine concern for the governance system itself or has intentions of returning the pilfered tokens.
Although rare, attackers have relinquished control in the past. In previous cases, hackers have returned a significant portion of the stolen funds while retaining a fraction for personal gain. In a notable example from March, a hacker restored over $1 million to Tender.fi, earning a bounty of $97,000. Similarly, earlier this year, a coalition comprising law enforcement authorities and legal experts pressured a Russian hacker into returning $200 million to Euler Finance.
Following the security breach, the TORN token experienced a substantial decline of 50%, plummeting to $3.60. However, as of the time of writing, there has been a modest recovery, with the token trading at $4.1, according to CoinMarketCap. Nonetheless, the token’s value remains nearly 3% lower over the past 24 hours, reflecting the apprehension among investors regarding the governance system’s uncertain future.