Crypto mixer Tornado Cash suffered a governance attack on Sunday. Attackers took full control of Tornado Cash by granting themselves 1.2 million votes through a malicious proposal, more than the 700,000 legitimate votes.
Attackers are withdrawing TORN from the Tornado Cash governance vault, then selling and swapping it for Ethereum (ETH). The TORN price fell 35% to a low of $3.7 in 24 hours.
Crypto exchanges such as Binance on May 21 suspended TORN deposits as a precautionary measure. However, some exchanges have announced continuing deposits and withdrawals.
The Tornado Cash team was looking to make a fresh start after US sanctions, Alex Pertsev’s arrest, and other issues. A malicious nullification proposal was posted a few days ago, and the team noted a possible exploit attempt at the governance level but didn’t take any action as no TORN was moved. The team was also looking at the contracts being deployed after the proposal was passed successfully.
“We didn’t notice it because we were looking at the contracts being deployed (as seen in the analysis) but deemed it safe even though we completely missed that the selfdestruct call could be used with create2 for arbitrary code execution (for governance memory).”
Tornado Cash asked everyone to withdraw their funds locked in governance while it looks into the issue, and proposed to revert the changes made by the attackers.
Samczsun, a researcher at Paradigm, revealed that Tornado Cash governance effectively failed on May 20 at 07:25:11 UTC. The attacker gained full governance control of Tornado Cash to withdraw all locked votes, drain TORN tokens in the governance vault, and brick the router, by adding an extra function in the malicious proposal that mimicked the recently passed proposal.
The hackers executed a “self-destruct” call with create2 to replace the contract and then executed the balance additions. Initially, 10,000 votes were withdrawn as TORN from the governance vault and all of it was sold.
Moreover, the attackers can also drain all ETH in the pools by upgrading the contract, because Tornado Cash Nova as deployed to Gnosis Chain is a proxy.
So far, the Tornado Cash governance exploiter has deposited 6K TORN to Bitrue, swapped 380K TORN for ETH, and transferred 372 ETH into Tornado Cash. The attackers still have some TORN.
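The review gap described above was that the proposal's code was read, but the combination of selfdestruct and create2 meant the code at that address could later be replaced. As an added example (not code from Tornado Cash or the researchers), the Python check below scans a proposal contract and its deployer for those two opcodes; the function names and the sample bytecode are constructed for illustration.

```python
# Added example (not Tornado Cash code): flag opcodes that let the code at a
# proposal's address change after review. All sample bytecode is constructed.
FLAGGED = {0xF5: "CREATE2", 0xFF: "SELFDESTRUCT"}
PUSH1, PUSH32 = 0x60, 0x7F


def scan_opcodes(bytecode_hex: str) -> list[tuple[int, str]]:
    """Linear sweep of EVM bytecode; returns (offset, name) for flagged opcodes.

    PUSH1..PUSH32 immediates are skipped so a pushed 0xff byte is not reported.
    Trailing data (e.g. compiler metadata) can still cause false positives, so
    treat hits as a prompt for manual review, not as proof.
    """
    hex_str = bytecode_hex[2:] if bytecode_hex.startswith("0x") else bytecode_hex
    code = bytes.fromhex(hex_str)
    hits, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op in FLAGGED:
            hits.append((pc, FLAGGED[op]))
        if PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1  # skip the 1..32 immediate bytes
        pc += 1
    return hits


def review_proposal(proposal_hex: str, deployer_hex: str) -> dict:
    """Combine findings for a proposal contract and the contract that deployed it."""
    proposal_ops = {name for _, name in scan_opcodes(proposal_hex)}
    deployer_ops = {name for _, name in scan_opcodes(deployer_hex)}
    return {
        "proposal_can_selfdestruct": "SELFDESTRUCT" in proposal_ops,
        "deployer_uses_create2": "CREATE2" in deployer_ops,
        # Both together mean the reviewed code may not be the code executed.
        "code_may_change_after_review": "SELFDESTRUCT" in proposal_ops
        and "CREATE2" in deployer_ops,
    }


# Constructed samples.
BENIGN = "0x60ff60005500"  # PUSH1 0xff, PUSH1 0x00, SSTORE, STOP
DESTRUCTIBLE = "0x6000ff"  # PUSH1 0x00, SELFDESTRUCT
CREATE2_DEPLOYER = "0x6000600060006000f500"  # four PUSH1 0x00, CREATE2, STOP

if __name__ == "__main__":
    print(review_proposal(BENIGN, CREATE2_DEPLOYER))
    print(review_proposal(DESTRUCTIBLE, CREATE2_DEPLOYER))
```

A hit on both flags is a reason to hold the vote until the deployment path has been reviewed by hand, since the code executed may differ from the code that was read.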
The TORN price fell over 50% in the last 24 hours as the attackers withdrew tokens and sold them on exchanges and on-chain. Tornado Cash is really in trouble, as the governance funds are compromised and other impacts remain uncertain.
TORN is currently trading at $4.52, with a 24-hour low and high of $3.73 and $7.30, respectively.