Home
News
- 1 Tornado Cash was attacked by a hijacker on May 20 gaining complete governance
- 2 Hijacker got more than 700,000 votes for the malicious protocol
- 3 The hijacker stole more than 10,000 TORN tokens and sold them all
Tornado Cash, the decentralized crypto mixing platform is already in enough trouble, adding to that on May 20, a hijacker gained complete control of the governance with the help of a malicious protocol.
At 3:25 ET on May 20, an attacker granted a malicious proposal of over 1.2 million votes. Upon receiving more than 700,000 legitimate votes the attacker gained complete control over the governance of Tornado Cash.
Brief of the Attack on Tornado Cash
@samczsun powered by Open AI of the research-driven technology investment firm paradigm, shared that a proposal with similar logic that was previously used to pass the community was used during the malicious protocol. The attacker added additional functions to the proposal this time.
After gaining complete governance over Tornado Cash the attacker gained complete access to withdraw the locked votes and drain the tokens in the governance contract and also to brick the router. @samczsun further informed that the attacker withdrew 10,000 votes in the form of TORN and sold it all.
The attack is a good lesson for crypto investors to understand the proposal descriptions and logic in a better manner before voting. The community of Tornado Cash known as Tornadosaurus-Hex or Mr. Tornadosaurus Hex confirmed that funds in the governance were compromised. The community requested all its members to withdraw the funds that were locked in the governance.
The Tornado Cash team is currently looking for developers who can save the protocol from the brink of disappearance. The team stated that they need to get in contact with Binance since they’ve more tokens than attackers.
A former developer from the Tornado Cash platform is addressing the “critical flaw” that existed in Tornado Cash. By addressing that critical flaw the developer is trying to build a new crypto mixing service from scratch.
The developer is creating a new service with the hope that it can help the community against abuse from the hackers who’re taking advantage of the anonymous set of honest users without requiring any blanket solutions.
What is Tornado Cash and How is it Used?
With its decentralized nature, Tornado Cash is built on Ethereum and is a non-custodial privacy solution. The platform was developed by the Zcash team based on an open source. With its smart contact service, the protocol allows users to send ETH and ERC-20 deposits.
Any ETH or ERC-20 deposits in Tornado Cash can be withdrawn through a new address. Once withdrawn from the new address the deposit and the withdrawal site cannot be liked.
The TORN protocol is completely owned by the community ever since the Trusted Setup Ceremony in May 2020. In that ceremony, the Tornado Cash team changed the control of the protocol’s multi-sig wallet through a contract. As of now, the founders of Tornado Cash don’t have any control of the protocol and it is considered fully decentralized.
Andrew is a blockchain developer who developed his interest in cryptocurrencies while pursuing his post-graduation major in blockchain development. He is a keen observer of details and shares his passion for writing, along with coding. His backend knowledge about blockchain helps him give a unique perspective to his writing skills, and a reliable craft at explaining the concepts such as blockchain programming, languages and token minting. He also frequently shares technical details and performance indicators of ICOs and IDOs.
