Crypto mixer Tornado Cash suffered a governance attack on Sunday. Attackers took full control of Tornado Cash by granting themselves 1.2 million votes through a malicious proposal, more than the 700,000 legitimate votes.
Attackers are withdrawing TORN from the Tornado Cash governance vault, selling it and swapping it for Ethereum (ETH). TORN price fell 35% to a low of $3.7 in 24 hours.
Crypto exchanges such as Binance on May 21 suspended TORN deposits as a precautionary measure. However, some exchanges have announced continuing deposits and withdrawals.
Please be informed that deposits and withdrawals of $TORN @tornado_cash remain active on @HuobiGlobal and @Poloniex. We’re closely monitoring the situation and may adjust our policy as required to ensure secure. We appreciate your understanding and support.
— H.E. Justin Sun 孙宇晨 (@justinsuntron) May 21, 2023
Here’s How Tornado Cash Was Attacked
The Tornado Cash team was looking to make a fresh start after US sanctions, Alex Pertsev’s arrest, and other issues. A malicious nullification proposal was posted a few days ago; the team noted a possible exploit attempt at the governance level but took no action because no TORN had been moved. The team was also looking at the contracts being deployed after the proposal passed.
“We didn’t notice it because we were looking at the contracts being deployed (as seen in the analysis) but deemed it safe even though we completely missed that the selfdestruct call could be used with create2 for arbitrary code execution (for governance memory).”
Tornado Cash asked everyone to withdraw their funds locked in governance while it looks into the issue, and proposed reverting the attackers’ changes.
Samczsun, a researcher at Paradigm, revealed that Tornado Cash governance effectively failed on May 20 at 07:25:11 UTC. By adding an extra function to a malicious proposal that mimicked the recently passed proposal, the attacker gained full governance control of Tornado Cash, allowing them to withdraw all locked votes, drain TORN tokens in the governance vault, and brick the router.
The attackers used a “self-destruct” call together with create2 to replace the contract and then executed the balance additions. Initially, 10,000 votes were withdrawn from the governance vault as TORN and all of it was sold.
Moreover, because Tornado Cash Nova as deployed to Gnosis Chain is a proxy, the attackers can also drain all ETH in pools by upgrading the contract.
So far, the Tornado Cash governance exploiter has deposited 6K TORN to Bitrue, swapped 380K TORN for ETH, and transferred 372 ETH into Tornado Cash. The attackers still have some TORN.
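A reviewer-side check for the selfdestruct-plus-create2 pattern described above, as an added example that is not part of the original article or of Tornado Cash's code: a linear sweep over a proposal contract's runtime bytecode that reports SELFDESTRUCT, CREATE, CREATE2 and DELEGATECALL while skipping PUSH immediates, so data bytes are not miscounted as opcodes. The function names and the sample bytecode strings are constructed for illustration.

```python
# Added example (not project code): flag opcodes that let a contract's code
# change after a governance vote has approved it. Opcode values are from the
# EVM instruction set; all sample bytecode below is constructed.
WATCH = {0xF0: "CREATE", 0xF4: "DELEGATECALL", 0xF5: "CREATE2", 0xFF: "SELFDESTRUCT"}

def scan(bytecode_hex):
    """Return [(offset, name)] for watched opcodes in runtime bytecode."""
    h = bytecode_hex.lower()
    if h.startswith("0x"):
        h = h[2:]
    code = bytes.fromhex(h)
    hits, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op in WATCH:
            hits.append((pc, WATCH[op]))
        if 0x60 <= op <= 0x7F:      # PUSH1..PUSH32 carry 1..32 immediate bytes
            pc += op - 0x5F         # skip them: they are data, not instructions
        pc += 1
    return hits

def can_self_destruct(bytecode_hex):
    """True if the sweep finds SELFDESTRUCT, i.e. the code at this address can
    be removed and, when the deployer can redeploy to the same address,
    replaced with different code than the one that was reviewed."""
    return any(name == "SELFDESTRUCT" for _, name in scan(bytecode_hex))

# Constructed samples.
PUSH_DATA_ONLY = "0x60ff60005200"          # PUSH1 0xff; PUSH1 0; MSTORE; STOP
PLAIN_DESTRUCT = "0x33ff"                  # CALLER; SELFDESTRUCT
HIDDEN_AFTER_PUSH32 = "0x7f" + "ff" * 32 + "33ff"
FACTORY = "0x6000600060006000f5"           # four PUSH1 0; CREATE2

if __name__ == "__main__":
    for label, sample in [("push data only", PUSH_DATA_ONLY),
                          ("plain selfdestruct", PLAIN_DESTRUCT),
                          ("after PUSH32", HIDDEN_AFTER_PUSH32),
                          ("factory", FACTORY)]:
        print(f"{label:20} {scan(sample)}")
```

A linear sweep also decodes any trailing metadata or embedded data as instructions, so a hit is a prompt for manual review of the proposal and its deployer, not proof of a malicious contract.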
TORN Price Fell 50%
TORN price fell over 50% in the last 24 hours as attackers withdrew tokens and sold them on exchanges and on-chain. Tornado Cash is in real trouble, as the governance funds are compromised and the other impacts remain uncertain.
The Tornado Cash price is currently trading at $4.52, with a 24-hour low and high of $3.73 and $7.30, respectively.