The TORN token of popular crypto mixer Tornado Cash dropped by more than 30% after a malicious actor hijacked the protocol's governance to steal over 480,000 tokens from its vault.
According to on-chain data, the attacker sold 379,000 tokens for 375 ETH (roughly $680,000) and still has 97,700 TORN tokens in their wallet. Available information also showed that the hacker deposited 6,000 tokens on Bitrue.
How the Attack Happened
Interestingly, the hacker deposited their profits from dumping TORN into the Tornado Cash mixer, according to a Peckshield report.
Paradigm researcher Samczsun explained that the attacker gained control of Tornado Cash governance by creating a malicious proposal. The hacker falsely claimed that the proposal used logic similar to that of an earlier proposal.
However, unknown to the community, the attacker had added an emergency-stop function that allowed them to update the proposal logic to grant themselves 1.2 million votes.
According to Samczsun, the attacker’s control over the protocol’s governance could allow them to withdraw locked tokens, brick the router, and drain all the tokens in the governance contract.
However, control of governance does not allow the hacker to drain individual pools. So, anyone can still use Tornado Cash to move funds without worrying that the hacker will steal them.
But the attacker can access Tornado Cash Nova, which is deployed on the Gnosis chain. This is a proxy administered by governance, which means the attacker can update the contract to drain all the ETH in the pool. There are currently 510.8 WETH worth over $928,000 in the contract.
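The attack described above depended on proposal logic changing after the community had approved it. The following is an added example, not code from Tornado Cash or from the report: a small Python model of one mitigation, pinning the hash of the proposal's code when it is submitted and re-checking it before execution. The `Chain` and `Governance` classes, the addresses and the code bytes are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field

def code_hash(code: bytes) -> str:
    # Stand-in for EXTCODEHASH. The EVM uses Keccak-256; SHA3-256 is used
    # here only so the model runs on the standard library.
    return hashlib.sha3_256(code).hexdigest()

@dataclass
class Chain:
    """Constructed model of chain state: address -> deployed code bytes."""
    code: dict = field(default_factory=dict)

    def code_at(self, addr: str) -> bytes:
        return self.code.get(addr, b"")   # empty if nothing is deployed

@dataclass
class Governance:
    chain: Chain
    pinned: dict = field(default_factory=dict)  # proposal id -> (addr, hash)

    def propose(self, pid: int, addr: str) -> None:
        code = self.chain.code_at(addr)
        if not code:
            raise ValueError("proposal target has no code")
        self.pinned[pid] = (addr, code_hash(code))  # what voters reviewed

    def drifted(self) -> list:
        """Proposal ids whose target code no longer matches the pinned hash."""
        return [pid for pid, (addr, h) in sorted(self.pinned.items())
                if code_hash(self.chain.code_at(addr)) != h]

    def execute(self, pid: int) -> str:
        addr, h = self.pinned[pid]
        if code_hash(self.chain.code_at(addr)) != h:
            raise PermissionError(f"proposal {pid}: code changed since review")
        return f"executed {pid} at {addr}"

def demo() -> tuple:
    chain = Chain({"0xA": b"reviewed-logic-v1", "0xB": b"reviewed-logic-v2"})
    gov = Governance(chain)
    gov.propose(1, "0xA")
    gov.propose(2, "0xB")
    chain.code["0xB"] = b"replaced-logic"   # logic swapped after approval
    ok = gov.execute(1)
    try:
        gov.execute(2)
        blocked = False
    except PermissionError:
        blocked = True
    return ok, blocked, gov.drifted()
```

The same `drifted()` comparison can run off-chain as a monitor that alerts when the code behind any pending or passed proposal stops matching what was reviewed.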
TORN Value Falls
Following the news, the TORN token has fallen by more than 25% to $4.69 as of press time, according to BeInCrypto data. The attack has also pushed the total market cap of the crypto token to less than $10 million.
Meanwhile, crypto exchanges like Binance have temporarily suspended deposits of the token to protect their users. However, Justin Sun’s Huobi and Poloniex maintain that deposits and withdrawals for TORN remain active. Sun added:
“We’re closely monitoring the situation and may adjust our policy as required to ensure secure. We appreciate your understanding and support.”