
Unknown attackers seize control of Tornado Cash governance
On May 20, unknown actors seized control of Tornado Cash’s governance mechanism. According to the Paradigm analyst known as samczsun, the attackers have already begun draining TORN tokens from the protocol’s smart contracts.
On 2023/05/20 at 07:25:11 UTC, Tornado Cash governance effectively ceased to exist. Through a malicious proposal, an attacker granted themselves 1,200,000 votes. As this is more than the ~700,000 legitimate votes, they now have full control. https://t.co/nY87XmrYgT pic.twitter.com/h9qjc3xRqz
— @samczsun.com (@samczsun) May 20, 2023
According to the expert, the attackers submitted a malicious proposal whose code made it possible to call the EmergencyStop function to update the logic after the proposal was adopted. With it, they appropriated 1.2 million votes.
The hackers gained the ability to revoke blocked tokens, transfer assets into the governing smart contract, and halt the router.
The analyst stressed that the attackers cannot withdraw cryptocurrency from individual pools. However, they have already begun draining the locked votes.
Locked votes have been drained https://t.co/MJbKKyFII2 pic.twitter.com/DyJnDwc3SZ
— @samczsun.com (@samczsun) May 21, 2023
PeckShield researchers noted that the hackers swapped most of the withdrawn tokens for Ethereum and sent the cryptocurrency to the Tornado Cash address. Some assets were transferred to the Bitrue platform.
#PeckshieldAlert Tornado Cash Governance Exploiter has deposited 6K $TORN to #Bitrue. And swapped ~380K $TORN for $ETH and then transferred 372 $ETH into Tornado Cash https://t.co/3fEa1kYFaz pic.twitter.com/BzqagupO5c
— PeckShieldAlert (@PeckShieldAlert) May 21, 2023
According to Cointelegraph, the Tornado Cash community is attempting to deploy a proposal that would roll back the changes. However, users were advised to withdraw assets from the application’s smart contracts.
DAO participants also noted that the Binance exchange holds more tokens than the attackers, so it could theoretically help fix the situation.
Binance, in turn, said it would pause deposits of $TORN.
Due to circumstances surrounding the protocol, #Binance will temporarily pause $TORN deposits until further notice.
— Binance (@binance) May 21, 2023
According to CoinGecko, in the wake of the negative news, TORN’s price has fallen by about 25%. At the time of writing, the token was trading near $4.7.
In August 2022, Tornado Cash was sanctioned by the United States. In the same month, Dutch authorities arrested the developer of the service, Alexey Pertsev.