
The operation of Tornado Cash, which allows people to hide the origin or destination of their cryptocurrencies and tokens, has not been affected by the hijacking of its governance.
A malicious governance proposal has allowed an attacker to hijack the governance of Tornado Cash, taking control of the entity that manages the protocol, Tornado Cash DAO.
An unknown attacker reportedly managed to trick members of the Tornado Cash DAO into approving a malicious governance proposal that would take control of the DAO. The attacker granted 1.2 million fake votes to said proposal, exceeding the 700,000 legitimate votes in the crypto community.
Although the hijacking of the Tornado Cash DAO does not affect the operations of the protocol as such, it does put its community treasury at risk. The Tornado Cash DAO is responsible for managing the funds deposited in the mixing protocol's governance contract, as well as approving new implementations, improvements and updates.
A misleading governance proposal
The malicious governance proposal, which was approved by DAO members last Saturday, hid an additional function with which the attacker would take control of the governance of the decentralized organization.
Paradigm security researcher @samczsun, who explained the Tornado Cash DAO attacker's exploit on Twitter, called on the crypto community to be careful with governance votes.
In this case, the malicious proposal does not affect the operation of the privacy protocol and does not represent a vulnerability or exploit in its code. However, it allowed the attacker to update the proposal logic to grant himself the fake votes and take control of the DAO.
Thousands of TORN tokens moved
On-chain data shows that the Tornado Cash DAO attacker has obtained a total of 483,000 TORN tokens from the protocol's governance contract. Of these, 6,000 TORN have been deposited on the Bitrue platform and 379,300 TORN were exchanged for 375 ETH, worth approximately $680,000 at the time of exchange.
The price of the TORN token has fallen more than 20% in the last few hours, trading above $4.6, according to data from CoinMarketCap, at the time of writing this article.
Cryptocurrency exchanges have begun pausing TORN deposits due to the Tornado Cash governance attack, while DAO members are creating new governance proposals to reverse the changes that were passed deceptively and asking the community to withdraw funds locked in governance.
What is Tornado Cash?
Tornado Cash is a privacy protocol that mixes cryptocurrency transactions to allow its users to hide the origin and destination of their funds.
This protocol works through smart contracts that mix user transactions made from one address and allow the withdrawal of funds from a different address, in order to make it difficult to track and trace them.
Last year, the United States Department of the Treasury sanctioned Tornado Cash, noting that this protocol has made it easier for cybercriminals to launder several million dollars in cryptocurrencies. The Treasury Department also stated that Tornado Cash is a tool that helps sanctioned entities evade the economic blockade imposed by the government.
However, the crypto community and its leaders spoke out against these sanctions. Charles Hoskinson, founder of Cardano, said that the Treasury Department's actions against Tornado Cash establish a dangerous precedent for the crypto industry, in addition to violating freedom of expression and the development of free software.