In addition to the existing hurdles of the Tornado Cash decentralized crypto mixer, an attacker managed to gain full government control through a malicious proposal.
On May 20 at 3:25 ET, an attacker successfully granted 1.2 million votes to a malicious proposal. Since the proposal received over 700,000 legitimate votes, the attacker gained full control over the Tornado Cash government.
On 2023/05/20 07:25:11 UTC, the governance of Tornado Cash effectively ceased to exist. Through a malicious proposal, an attacker awarded himself 1,200,000 votes. Since this is over the ~700,000 legitimate votes, they now have full control.https://t.co/nY87XmrYgT pic.twitter.com/h9qjc3xRqz
โ@samczsun.com (@samczsun) May 20, 2023
The information was shared by @samczsun of research-driven technology investment firm Paradigm, who revealed that by sharing the malicious proposal, the attacker claimed that he used similar logic to a proposal that had previously passed through the community. However, this time, the proposal had an additional function.
As @samczsun explains:
"Once the voters approved the proposal, the attacker simply used the emergency stop function to update the logic of the proposal and give himself the fake votes."
Full control over Tornado Cash governance allows the attacker to withdraw all locked votes, drain all tokens in the governance contract, and crash the router. At the time of writing, the attacker โjust took down 10,000 votes like TORN and sold them all,โ @samczsun said.
The attack comes as a reminder for crypto investors to examine the descriptions and logic of the proposals. An active Tornado Cash community, which goes by the name of Tornadosaurus-Hex or Mr. Tornadosaurus Hex, confirmed that all funds in Governance are potentially compromised and requested all members to remove all funds locked in Governance.
As shown above, they also tried to implement a contract that could potentially revert the changes while suggesting to the community to withdraw their funds. Cointelegraph also received a distress call from one of the Tornado Cash community developers who confirmed the above developments, stating:
โThere was an attack on the protocol this morning that you already know about. All day, another community developer and I think about what to do, but the situation is almost hopeless: currently the attacker controls the Governance.
The team is currently looking for Solidity developers who can help save the protocol from extinction. Furthermore, they stated that โwe need contact with Binance โ this exchange has more tokens than the attacker.โ
Related: Allbridge offers bounty to exploiter who stole $573K in quick loan attack
A former Tornado Cash developer is reportedly working on creating a new cryptocurrency mixing service from scratch, which addresses the existing โcritical flawโ in Tornado Cash.
1/ we fix @tornadocash ๐
v0 of https://t.co/Nt4b2Tgx1D is live @optimismFND
try the demo, but note:
- this is experimental code
- has not been audited
- trusted settings are not trustedread the full story anon ๐งต๐https://t.co/9nAU3RrgpN
โ Ameen Soleimani (@ameensol) March 4, 2023
