ETH
by BSC News
May 21, 2023
Absolute control over the governance enables the exploiter to withdraw all the locked votes, drain all of the tokens in the governance contract, and brick the router.
Tornado Cash, the decentralized crypto mixer, is facing yet another challenge as an attacker has reportedly seized control of the protocol's governance through a malicious proposal.
On May 20, at 7:25 UTC, an attacker successfully granted themselves 1,200,000 votes through a malicious proposal. With the proposal receiving more than 700,000 legitimate votes, the attacker gained full control. The news was shared by @samczsun of research-driven technology investment firm, Paradigm.
@samczsun disclosed that the attacker introduced an additional function to the malicious proposal, employing the same logic as a previously approved proposal.
“Once the proposal was passed by voters, the attacker simply used the emergencyStop function to update the proposal logic to grant themselves the fake votes”.
Complete control over the governance allows the exploiter to withdraw all of the locked votes, drain all of the tokens in the governance contract, and brick the router. This, however, does not allow them to drain individual pools.
Tornado Cash has confirmed on its forum that all funds held within the governance are potentially compromised. As a precautionary measure, users have been advised to immediately withdraw any locked funds. Additionally, in the early hours of today, PeckShieldAlert revealed that the Tornado Cash Governance Exploiter has deposited 6000 to crypto exchange Bitrue, and swapped approximately 380,000 $TORN for $ETH, and further transferred 372 $ETH into Tornado Cash.
The exploit serves as a reminder for crypto investors and protocols to thoroughly evaluate proposal descriptions and logic.
Tornado Cash is a decentralized and non-custodial privacy solution that allows users to send and receive Ethereum (ETH) anonymously. The protocol uses zero-knowledge proofs and other cryptographic techniques to ensure that transactions are untraceable and unlinkable.
Where to find Tornado Cash:
Related News
Latest News
April 19, 2024
Michael Saylor Capitalizes on MicroStrategy Stock Surge, Sells $370M $MSTR
April 19, 2024
Hedgey Finance Reportedly Suffers $44.7M Exploit
April 19, 2024
US SEC Escalates Legal Battle Against Justin Sun with Amended Lawsuit
April 17, 2024
What is Binance Megadrop?
April 17, 2024
Binance Prepares for Return to India After Paying $2M Fine
April 17, 2024
Aptos Announces Strategic Partnerships With Microsoft, Brevan Howard and More
April 16, 2024
What is Merlin Layer-2 Chain?
April 16, 2024
Bernstein Doubles Down on Bold Bitcoin Price Prediction
More News