Tornado Cash hacker moves portion of stolen tokens

The attacker who compromised the Tornado Cash crypto mixer carried out a series of transactions after taking control of the protocol.

According to data from Etherscan, the hacker moved 100 ETH (~$178,000 at the time of writing) to the Tornado Cash Router, which is used in the process of mixing cryptocurrency.

The second transaction included 38,302.57 TORN (~$164,000) — the governance tokens DAO of the crypto mixer. The attacker moved these assets to an unknown address.

On May 20, an unknown took control of the Tornado Cash governance mechanism. According to a Paradigm analyst, the hacker injected a malicious proposal, the code of which allowed calling the EmergencyStop function to update the logic after adoption. With this, the attacker gained control of 1.2 million votes.

The attacker was able to revoke blocked tokens, transfer assets to the governing smart contract, and halt the router’s operation.

PeckShield experts noted that the hacker has already swapped much of the withdrawn tokens for Ethereum and sent the cryptocurrency to the Tornado Cash address and the Bitrue platform.

According to EmberCN, the attacker withdrew a total of 483,000 TORN from the Tornado Governance storage.

Subsequently the hacker posted a proposal that could potentially restore the DAO control over the project. According to him, the initiative is not malicious and envisages removing the malicious code through which he gained control over the protocol.

In November 2022, the U.S. Treasury’s Office of Foreign Assets Control updated sanctions against Tornado Cash, citing its role in financing North Korea’s nuclear program.