Tornado Cash Governance Compromised in Malicious Takeover
Tornado Cash, an open-source and fully decentralized cryptocurrency tumbler operating on Ethereum-based networks, has fallen victim to a hostile takeover. Through a malicious proposal, the attacker seized complete control of the project’s governance system, accumulating 1.2 million fraudulent votes, surpassing the legitimate vote count of 700,000.
The attacker deceptively presented their proposal as similar to a successful one from the past. However, unbeknownst to the community, the proposal contained an additional function that allowed for the generation of fake votes.
By exploiting the emergencyStop function, the attacker quickly manipulated the proposal logic, gaining control over Tornado Cash’s governance. This newfound authority empowers the attacker to withdraw locked votes, drain tokens from the governance contract, and potentially disrupt the router’s functionality. To capitalize on their control, the attacker promptly sold 10,000 votes in TORN tokens and it is clear that they are able to drain all ETH from the pool as well.
Community members have urged participants to withdraw their locked funds. Despite efforts to deploy a contract to reverse the changes, the attacker currently maintains governance control, posing significant challenges for the project.
To mitigate the damage, the Tornado Cash team is actively seeking Solidity developers and aims to engage with Binance. The exchange holds a substantial number of tokens that could potentially aid in countering the attack.
It is important to note that Tornado Cash faced substantial obstacles in the past when the United States Department of the Treasury blacklisted the service in August 2022. Consequently, the use of Tornado Cash became illegal for US citizens, residents, and companies. The project’s web domain and GitHub accounts were shut down, and one of the developers was arrested.
Tornado Cash provides a privacy-enhancing tool on Ethereum-based networks. As an open-source, non-custodial, and fully decentralized cryptocurrency tumbler, it mixes potentially identifiable or “tainted” cryptocurrency funds with others to obscure the original source. This service addresses the need for privacy in EVM networks, where transactions are publicly visible by default.