Hacker Exploits Tornado Cash for Massive Profits
The TORN token of the well-known crypto mixer Tornado Cash experienced a significant decline of more than 30% following an incident where an unauthorized individual exploited its governance system and stole over 480,000 tokens from its secure storage.
On-chain data reveals that the attacker sold 379,000 tokens for approximately 375 ETH (equivalent to roughly $680,000) and currently retains 97,700 TORN tokens in their possession. Additional information suggests that the hacker deposited 6,000 tokens on the Bitrue exchange.
A report by PeckShield indicates that the attacker used the Tornado Cash mixer to launder the profits obtained from selling the TORN tokens. The attacker gained control over Tornado Cash governance by submitting a deceptive proposal, falsely asserting its similarity to a previous valid proposal.
#PeckshieldAlert Tornado Cash Governance Exploiter has deposited 6K $TORN to #Bitrue. And swapped ~380K $TORN for $ETH and then transferred 372 $ETH into Tornado Cash https://t.co/3fEa1kYFaz pic.twitter.com/BzqagupO5c
— PeckShieldAlert (@PeckShieldAlert) May 21, 2023
Unbeknownst to the community, the attacker embedded an emergency-stop function within the proposal, granting them the ability to modify the proposal logic and obtain 1.2 million votes for themselves.
Once the proposal was passed by voters, the attacker simply used the emergencyStop function to update the proposal logic to grant themselves the fake votes https://t.co/JgYk9PJg6O https://t.co/y3bjglXD7J pic.twitter.com/kpGXC3LtjW
— samczsun (@samczsun) May 20, 2023
With their vote count surpassing the legitimate 700,000 votes from members of the OFAC-sanctioned crypto mixer, the hacker achieved complete control over the decentralized autonomous organization (DAO).
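Two defensive checks this incident points to, as an added example that is not from the article or from Tornado Cash's code: before voting, compare a proposal's bytecode with the earlier proposal it claims to match, and at execution time run only code whose hash matches what was voted on. The bytecode is constructed, SHA-256 stands in for keccak-256, and treating SELFDESTRUCT and DELEGATECALL as the opcodes of concern is an assumption the article does not state.

```python
import hashlib

# Opcodes treated as worth a reviewer's attention (an assumption of this example)
RISKY = {0xF4: "DELEGATECALL", 0xFF: "SELFDESTRUCT"}


def opcodes(code: bytes) -> set:
    """Return the opcodes present in EVM runtime bytecode, skipping PUSH data."""
    seen, i = set(), 0
    while i < len(code):
        op = code[i]
        seen.add(op)
        # PUSH1..PUSH32 (0x60..0x7f) carry 1..32 immediate bytes that are data
        i += 1 + (op - 0x5F if 0x60 <= op <= 0x7F else 0)
    return seen


def code_hash(code: bytes) -> str:
    # Stand-in for keccak-256 (EXTCODEHASH), which the stdlib does not provide
    return hashlib.sha256(code).hexdigest()


def review_proposal(reference: bytes, candidate: bytes) -> list:
    """Pre-vote review of a proposal that claims to match an earlier one."""
    findings = []
    if code_hash(reference) != code_hash(candidate):
        findings.append("code differs from the referenced proposal")
    for op in sorted(opcodes(candidate) & set(RISKY)):
        findings.append(f"contains {RISKY[op]}")
    return findings


def safe_to_execute(hash_at_vote: str, code_now: bytes) -> bool:
    """Execution-time guard: run only the exact code that was voted on."""
    return len(code_now) > 0 and code_hash(code_now) == hash_at_vote


# Constructed bytecode, not taken from any real contract.
REFERENCE = bytes.fromhex("6001600055" "00")            # PUSH1 1, PUSH1 0, SSTORE, STOP
CANDIDATE = bytes.fromhex("6001600055" "00" "6000ff")   # same, plus an extra destroy path
PUSH_DATA_ONLY = bytes.fromhex("60ff600055" "00")       # 0xff is PUSH data, not an opcode
REPLACED = bytes.fromhex("6002600055" "00")             # different logic after the vote
```

Pinning the hash at vote time covers the case the pre-vote review misses: code that is changed only after the proposal has passed.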
As explained by samczsun, a researcher from Paradigm, the attacker’s control over the protocol’s governance potentially allows them to withdraw locked tokens, compromise the router, and deplete all tokens in the governance contract.
Nevertheless, the hacker’s governance control does not extend to draining individual pools. Consequently, users can still utilize Tornado Cash to transfer funds without concerns of theft by the hacker.
However, the attacker retains access to Tornado Cash Nova, which is deployed on the Gnosis chain. Since this is a proxy administered by governance, the attacker possesses the ability to update the contract and drain all the ETH contained within the pool. Presently, the contract has approximately 510.8 WETH valued at over $928,000.
Following the revelation of this incident, the value of the TORN token has plummeted by more than 25% to $4.69 at the time of writing, according to BeInCrypto data.
Furthermore, the attack has resulted in the total market capitalization of the crypto token dropping below $10 million.
Several crypto exchanges, including Binance, have temporarily suspended the acceptance of TORN deposits to safeguard their users. However, Huobi and Poloniex continue to support TORN deposits and withdrawals.