An unknown attacker has compromised Tornado Cash. This situation opened the door to a potential treasure drain.
Tornado Cash DAO Taken Over by Attackers and Token Price Drops by 40
On Saturday, an anonymous attacker, or group of attackers, successfully took control of the DAO, managing operations, finances, and plans for privacy-focused crypto mixer Tornado Cash.
About the Attack
To manage some parts of Tornado Cash, such as the handling of torn (TORN) tokens kept in the main governance contract or the withdrawal of locked torn tokens, the attacker submitted a fraudulent proposal at the beginning of the weekend that concealed a code function that allowed them bogus votes.
This attack was accomplished by submitting a proposal that looked exactly like an earlier draft but contained malicious code that enabled the attacker to view all governance votes by updating the reasoning.
They are free to act any way they choose now that they have all the votes, security research @samczsun tweeted on Sunday. In this instance, they just sold all 10,000 votes after withdrawing them as TORN.
As a result, the Tornado Cash protocol itself, which enables customers to use the service to conceal or mask financial transactions and crypto addresses, is unaffected by this assault. However, a drop in the token price was observed. The TORN token is currently trading at $4.48, according to CoinMarketCap, down 32.95% in the last 24 hours.
Leave a comment