- Advanced Installer’s Crypto Twist - October 15, 2023
- Hackers Exploit Designers for Mining - October 15, 2023
- Hackers Target Binance Russia - September 26, 2023
The decentralized crypto mixer Tornado Cash has encountered another issue, further compounding its existing problems. During the night of May 20, an attacker managed to gain complete control over the system using a malicious proposal, successfully transferring 1.2 million votes to it.
This concerning incident was brought to light by @samczsun from the investment firm Paradigm. The hacker claimed that the malicious offer employed a similar logic to a previously accepted proposal, but with an additional feature.
What do people say?
According to @samczsun:
“After the community approved the proposal, the hacker simply utilized the emergencyStop feature to modify the proposal’s logic and appropriate counterfeit votes.”
Having full control over Tornado Cash’s management, the attacker has the ability to revoke all locked votes, drain all tokens within the management contract, and lock down the router. At the time of the tweet, the attacker had already “withdrawn 10,000 votes in the form of TORN tokens and sold them all,” as noted by the researcher.
In response, the protocol team attempted to deploy a contract that could potentially reverse the unauthorized changes and offered the community an opportunity to withdraw their funds. They are currently seeking Solidity developers to aid in salvaging the mixer and preventing its collapse. Tornado Cash has also expressed the need to establish contact with Binance, as the exchange holds more TORN tokens in its balance sheet than the attacker.