• Mon. Jun 17th, 2024

An Intruder Seizes Control of Tornado Cash Through a Malicious Offer

Avatar photo

ByMarcel Bich

Jul 31, 2023
Tornado Cash Seized by Intruder via Malicious Offer
Marcel Bich
Latest posts by Marcel Bich (see all)

The decentralized crypto mixer Tornado Cash has encountered another issue, further compounding its existing problems. During the night of May 20, an attacker managed to gain complete control over the system using a malicious proposal, successfully transferring 1.2 million votes to it.

This concerning incident was brought to light by @samczsun from the investment firm Paradigm. The hacker claimed that the malicious offer employed a similar logic to a previously accepted proposal, but with an additional feature.

What do people say?

According to @samczsun:

“After the community approved the proposal, the hacker simply utilized the emergencyStop feature to modify the proposal’s logic and appropriate counterfeit votes.”

Having full control over Tornado Cash’s management, the attacker has the ability to revoke all locked votes, drain all tokens within the management contract, and lock down the router. At the time of the tweet, the attacker had already “withdrawn 10,000 votes in the form of TORN tokens and sold them all,” as noted by the researcher.

In response, the protocol team attempted to deploy a contract that could potentially reverse the unauthorized changes and offered the community an opportunity to withdraw their funds. They are currently seeking Solidity developers to aid in salvaging the mixer and preventing its collapse. Tornado Cash has also expressed the need to establish contact with Binance, as the exchange holds more TORN tokens in its balance sheet than the attacker.

 
Avatar photo

Marcel Bich

Marcel ‘s passion for the world of cryptocurrencies and his comprehensive knowledge of blockchain technology make him an invaluable asset to our team. He stays updated on the latest trends, regulations, and emerging technologies in the crypto space, ensuring that our audience receives accurate and up-to-date information.