Tornado Cash hacker sends a proposal to reverse the attack

1 year ago 78

Over the weekend, an attacker took over Tornado Cash DAO, submitting a proposal that hid malicious code that granted them fake votes. Just a day later, the attacker sent another proposal to give governance back to users, although not all of them believe that it’s not a trick.

On May 21, the passage of the malicious proposal ceded full control of Tornado Cash DAO to the attacker. By taking over the DAO, the attacker could have done anything they wanted, such as withdrawing all locked votes and draining all tokens, resulting in massive losses for Tornado Cash users.

Simultaneously with the hack, Tornadosaurus-Hex, a member of the Tornado Cash community, sent a mitigation proposal, asking users to withdraw all funds from the governance.

 forums.tornadocash.communityTornadosaurus-Hex’s proposal to reverse the changes made by the attacker. Source: forums.tornadocash.community

However, to everyone’s surprise, the attacker reached out to users with a new proposal to β€œpotentially” restore the state of Tornado Cash governance. Tornadosaurus-Hex said:

The attacker posted a new proposal to restore the state of Governance. I think that there is a good chance he’s going to execute it.

 forums.tornadocash.community
Attacker’s proposal to return governance back to Tornado Cash users. Source: forums.tornadocash.community

Tornadosaurus-Hex added that the attacker will reset to zero the TONS tokens that gave them full control over Tornado Cash DAO. If the proposal is approved, the attacker will delete the previous proposal, which incorporated malicious code into the protocol stealing the voting power from the users. The proposal is scheduled for May 26, and while some of the users said that one can disagree with the way governance will return, others suspect that the attackers want to pump the TORN token price before cashing out.

TornadoCash attacker deployed new proposal that, if executed, would seemingly revert the damage done to the Governance functionality. Either they're giga trolling or it will end up being an expensive but not disastrous lesson in Governance security.https://t.co/QMWYFsi8kP

β€” 0xdeadf4ce (@0xdface) May 21, 2023

As a result, the TORN token price regained 10% and is now trading at $4.81, according to CoinGecko data. However, when the damage was done, TORN lost 40% and was trading at $3.61, compared to the previous mark of $6.10.

Read Entire Article