The blockchain and cryptocurrency sector is unfortunately punctuated by the occurrence of many hacks. While there is a strong investment being put into protecting protocols, especially in the decentralized finance (DeFi) sector, the absence of risk does not exist. The famous blender Tornado Cash actually the bitter experience after that a hacker has taken control of its governance.
Tornado Cash is an indispensable tool for the development of the industry, but inevitably controversial because of the service it offers. Indeed, Tornado Cash is a blender crypto currencies which allows users to anonymize their funds to minimize risk to their privacy.
However, since September 2022, Tornado Cash has been subject strong government pressure since it is accused of being used for the whitening silver. Moreover, its founder, Alex Pertsev, spent 9 months in prison because of his involvement in the creation of this mixer.
Today, a new test awaits Tornado Cash since a hacker has succeeded in regain control of the governance protocol thanks to a malicious proposal.
Learn more about: XRP: Ripple buys the Swiss giant Metaco for 250 million dollars
A hacker takes control of the governance of Tornado Cash
Tornado Cash naturally has a CAD in his community. This CAD is managed by the holders of the TORN cryptocurrency. Therefore, when a proposal must be voted on within the Tornado Cash DAO, the members are responsible for to vote for or against it.
Recently, a legitimate proposal had been adopted by the Tornado Cash community. Some time later, a new proposal using the same logic as the previous proposal was proposed to the DAO.
On the other hand, this proposal which seemed exactly similar at first sight contained an additional function. Indeed, the hacker had taken care to add a function that did not exist in the first proposal while hiding the existence of the latter.
In fact, when the community considered this new proposal, it did not suspect the pot of roses. Quickly after accepting this malicious proposal, the hacker used this hidden function to gain the benefit of 1.2 million additional votes within the DAO.
However, the governance of Tornado Cash had only 700,000 legitimate votes. Thus, the hacker took full control of the governance Tornado Cash DAO thanks to the acceptance of this malicious proposal.
What are the consequences for the Tornado Cash protocol?
First of all, the hacker’s takeover allows him to withdraw all the locked votes, but also to empty all the tokens of the governance contract. In all, according to MistTrack, $483,000 TORN allegedly stolen in attackbut the hacker would still have $97,700TORN in his wallet.
Thus, quickly, the hacker used his new position to illegitimately recover 6,000 JORN tokens which he deposited on Bitrue. Moreover, he exchanged $380,000TORN against its equivalent in $ETH.
Moreover, to succeed in his coup, the hacker used Tornado Cash to erase his tracks and succeed in get money out of protocol minimizing the risk of legal repercussions.
Next, it is important to note that Binance quickly communicated on this incident by declaring to temporarily pause withdrawals and deposits of $TORN on its platform. On the other hand, Justin Sunexplained that withdrawals and deposits remain available on his exchange Huobi.
For now, it seems difficult to really know the future reserved for the Tornado Cash protocol. Inevitably, the DAO will have to be completely overhauledbut Tornado Cash might still weather the storm.
The article A hacker takes control of the DAO Tornado Cash appeared first on Corner Academy