Adding to the existing roadblocks of the decentralized crypto mixer Tornado Cash, an attacker managed to gain full control of the governance through a malicious proposal.
On May 20 at 3:25 ET, an attacker successfully granted 1.2 million votes to a malicious proposal. Given that the proposal received more than 700,000 legitimate votes, the attacker gained total control over Tornado Cash governance.
On 2023/05/20 at 07:25:11 UTC, Tornado Cash governance effectively ceased to exist. Through a malicious proposal, an attacker granted themselves 1,200,000 votes. As this is more than the ~700,000 legitimate votes, they now have full control.https://t.co/nY87XmrYgT pic.twitter.com/h9qjc3xRqz
— @samczsun.com (@samczsun) May 20, 2023
As explained by @samczsun:
“Once the proposal was passed by voters, the attacker simply used the emergencyStop function to update the proposal logic to grant themselves the fake votes.”
As shown above, they also attempted deploying a contract that could potentially revert the changes while still suggesting the community to withdraw their funds. Cointelegraph also came across a distress call from one of Tornado Cash’s community developer who confirmed the above developments, stating:
“There was an attack on the protocol this morning that you already know about. All day, another community developer and I thought about what to do, but the situation is close to hopeless – currently the attacker controls Governance.”
A former Tornado Cash developer is reportedly working on building a new crypto mixing service from scratch, which addresses the “critical flaw” existing in Tornado Cash.
1/ We fixed @tornadocash 😇
v0 of https://t.co/Nt4b2Tgx1D is live on @optimismFND
test out the demo, but please note:
– this is experimental code
– it has not been audited
– the trusted setup is untrusted
read the full story anon 🧵👇https://t.co/9nAU3RrgpN
— Ameen Soleimani (@ameensol) March 4, 2023
Magazine: ‘Moral responsibility’: Can blockchain really improve trust in AI?
Disclaimer: CryptoNewsBook is an online aggregator that fetches latest crypto news from different sources. This article is provided for general information purposes ONLY and contains data fetched from third party sources; hence, we do not endorse its accuracy. For more details, kindly visit The Source. Please report any fake news or false statement to Our Support Team. If you are the original owner of this content and wish it to be removed on this platform, kindly forward your request to Our Support Team.
Also Note: Cryptocurrencies are unregulated, and no part of this article should be understood nor interpreted as a recommendation/advice. #s1