Adding to the present roadblocks of the decentralized crypto mixer Tornado Cash, an attacker managed to achieve full management of the governance via a malicious proposal.
On May 20 at 3:25 ET, an attacker efficiently granted 1.2 million votes to a malicious proposal. Given that the proposal acquired greater than 700,000 reliable votes, the attacker gained whole management over Tornado Cash governance.
On 2023/05/20 at 07:25:11 UTC, Tornado Cash governance successfully ceased to exist. Through a malicious proposal, an attacker granted themselves 1,200,000 votes. As that is greater than the ~700,000 reliable votes, they now have full management.https://t.co/nY87XmrYgT pic.twitter.com/h9qjc3xRqz
— @samczsun.com (@samczsun) May 20, 2023
The data was shared by @samczsun of research-driven expertise funding agency Paradigm, who revealed that, when sharing the malicious proposal, the attacker claimed that it used a logic just like a proposal that had beforehand handed by the group. However, this time, the proposal had an extra perform.
As defined by @samczsun:
“Once the proposal was passed by voters, the attacker simply used the emergencyStop function to update the proposal logic to grant themselves the fake votes.”
The whole management over Tornado Cash governance permits the attacker to withdraw the entire locked votes, drain the entire tokens within the governance contract and brick the router. At the time of writing, the attacker “simply withdrew 10,000 votes as TORN and sold it all,” stated @samczsun.
The assault comes as a reminder to crypto traders to vet proposal descriptions and logic. An energetic group of Tornado Cash, who goes by the identify Tornadosaurus-Hex or Mr. Tornadosaurus Hex, confirmed that every one funds in Governance are doubtlessly compromised and requested all members to withdraw all funds locked in governance.
As proven above, in addition they tried deploying a contract that might doubtlessly revert the modifications whereas nonetheless suggesting the group to withdraw their funds. Cointelegraph additionally got here throughout a misery name from considered one of Tornado Cash’s group developer who confirmed the above developments, stating:
“There was an attack on the protocol this morning that you already know about. All day, another community developer and I thought about what to do, but the situation is close to hopeless – currently the attacker controls Governance.”
The workforce is at present searching for Solidity builders that may assist save the protocol from extinction. They moreover acknowledged that “we need contact with Binance – this exchange has more tokens than the attacker.”
Related: Allbridge presents bounty to exploiter who stole $573K in flash mortgage assault
A former Tornado Cash developer is reportedly engaged on constructing a brand new crypto mixing service from scratch, which addresses the “critical flaw” present in Tornado Cash.
1/ We fastened @tornadocash 😇
v0 of https://t.co/Nt4b2Tgx1D is dwell on @optimismFND
check out the demo, however please notice:- that is experimental code- it has not been audited- the trusted setup is untrusted
learn the total story anon 🧵👇https://t.co/9nAU3RrgpN
— Ameen Soleimani (@ameensol) March 4, 2023