Over the weekend, an attacker took over Tornado Cash DAO, submitting a proposal that hid malicious code that granted them fake votes. Just a day later, the attacker sent another proposal to give governance back to users, although not all of them believe that it's not a trick.
On May 21, the passage of the malicious proposal ceded full control of Tornado Cash DAO to the attacker. By taking over the DAO, the attacker could have done anything they wanted, such as withdrawing all locked votes and draining all tokens, resulting in massive losses for Tornado Cash users.
Simultaneously with the hack, Tornadosaurus-Hex, a member of the Tornado Cash community, sent a mitigation proposal, asking users to withdraw all funds from the governance.
However, to everyone's surprise, the attacker reached out to users with a new proposal to "potentially" restore the state of Tornado Cash governance. Tornadosaurus-Hex said:
The attacker posted a new proposal to restore the state of Governance. I think that there is a good chance he's going to execute it.
Tornadosaurus-Hex added that the attacker will reset to zero the TORN tokens that gave them full control over Tornado Cash DAO. If the proposal is approved, the attacker will delete the previous proposal, which incorporated malicious code into the protocol that stole voting power from users. The proposal is scheduled for May 26, and while some of the users said that one can disagree with the way governance will return, others suspect that the attackers want to pump the TORN token price before cashing out.
As a result, the TORN token price regained 10% and is now trading at $4.81, according to CoinGecko data. However, when the damage was done, TORN lost 40% and was trading at $3.61, compared to the previous mark of $6.10.