Tornado Cash Governance Falls Prey to Malicious Hijack
In an alarming incident that highlights the potential vulnerabilities of decentralized systems, an attacker has managed to gain full control of the governance mechanism of Tornado Cash, a popular decentralized crypto mixer.
On this page
The attacker orchestrated a malicious proposal that successfully accrued 1.2 million votes on May 20. The proposal, which seemed legitimate at first, won over more than 700,000 legitimate votes, subsequently giving the attacker complete control over Tornado Cash governance.
Once in control, the attacker was able to withdraw all of the locked votes, drain all of the tokens in the governance contract, and cause significant disruption to the router. The fallout from this incident is significant – the attacker managed to extract a total of 483,000 TORN tokens from the Tornado Cash governance vault.
The stolen tokens have already been put into circulation. The attacker has deposited 6,000 TORN into the Bitrue exchange, sold off 379,300 TORN on the chain and exchanged it for 375 ETH (equivalent to approximately 680,000 US dollars). The remainder of the stolen tokens, about 97,700 TORN, is still unaccounted for.
The content on The Coinomist is for informational purposes only and should not be interpreted as financial advice. While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, or reliability of any content. Neither we accept liability for any errors or omissions in the information provided or for any financial losses incurred as a result of relying on this information. Actions based on this content are at your own risk. Always do your own research and consult a professional. See our Terms, Privacy Policy, and Disclaimers for more details.
Articles by this author
