Tornado Cash Hacked: Attacker Takes Over Governance, Tables New Proposal

• The Tornado Cash protocol was compromised by an attacker on May 20.
• The attacker tabled a proposal that might help the DAO regain control of the crypto mixer platform.
• There is speculation that price manipulation could be behind the attack, as TORN’s price dropped 36% after news of the exploit surfaced.

Tornado Cash Hacked

On May 20, the crypto mixer platform Tornado Cash was the victim of an attack that left the DAO overseeing its operations without control over the protocol. The attacker tabled a proposal later, replacing the contract logic with malicious code that granted them 1,200,000 fake votes.

Proposal Attempting to Regain Control

The attacker’s latest proposal might not be malicious and would likely pass, since they control most votes. However, because of the hack, there is concern that they may withdraw all locked votes, drain tokens in governance contracts or brick the platform’s router. A Paradigm researcher shared that hackers had already drained locked votes from Tornado Cash Nova and could potentially upgrade contracts to drain ETH pools too.

Price Manipulation?

Speculation has arisen over whether price manipulation is behind this attack, as news of it caused TORN’s price to drop 36%. Despite this initial dip, news of the proposal buoyed prices, resulting in a 9% rally, with TORN reaching a daily high of $4.04 per token.

Using Crypto Mixers For Exploitation

Crypto mixers have often been used for exploitation, as hackers use them to anonymize their loot. As such, security protocols need to ensure these services are secure so that they do not allow future exploitation or money laundering schemes through them.

Conclusion

The attack on Tornado Cash highlights how vulnerable even sophisticated crypto protocols can be to exploits and manipulation if proper security measures are not taken into consideration when developing them. It also serves as a reminder for users to always remain vigilant when dealing with cryptocurrencies and to use only trusted services where possible for their transactions.