Holders of governance tokens TORN regained control of the Tornado Cash protocol after the hacker’s proposal was implemented.
Support came from 517,000 TORN holders; no one voted against.
On May 20, an unknown actor seized control of the Ethereum mixer’s governance mechanism. The hacker inserted a malicious proposal, the code of which provided for the ability to call the EmergencyStop function to update the logic after adoption. With it he appropriated 1.2 million TORN.
The hacker gained the ability to revoke frozen tokens, transfer assets to the governing smart contract, and halt the router.
The unidentified actor did not disrupt the service. According to analysts, he moved 483,000 TORN out of Tornado Governance. Of that amount the hacker sold 379,300 TORN for 375 ETH ($0.68M) at an average price of $1.8.
龙卷风治理攻击者从龙卷风治理金库一共获得了 483,000 $TORN 。目前转移情况:
6,000 TORN 存入 #Bitrue;
379,300 TORN 链上抛售换成 375 $ETH($0.68M),卖出均价 $1.8;
还有 97,700 TORN 尚未抛售/转出。攻击龙卷风获得 TORN→抛售换得 ETH →再用龙卷风混币洗出。骚?
推文由 @LionDEX_CN 赞助 pic.twitter.com/x6zFXXcyAq
— 余烬 (@EmberCN) May 21, 2023
Part of the funds he laundered through Tornado Cash itself.
On May 21, the hacker unexpectedly submitted to the protocol’s DAO for consideration a proposal whose implementation rolled back the changes he had introduced and returned control to the community.
As reported in November 2022, the U.S. Treasury’s Office of Foreign Assets Control updated sanctions against Tornado Cash, citing its role in financing North Korea’s nuclear program.
One of the protocol’s developers, Alexey Pertsev, is under investigation in the Netherlands on money-laundering charges.