- The exploiter stole 473,000 TORN, the mixer’s native token, worth over $2.1 million.
- With more than 700,000 votes, the attacker has taken complete control of administration.
An attacker used a fraudulent contract to get access to thousands of votes and take complete control of the popular cryptocurrency mixer Tornado Cash. Paradigm’s web3 research analyst @samczsun was the first to notice the problem over the weekend.
According to a tweet by user samczsun, the attacker claimed to have based their malicious proposal on the same reasoning as an earlier proposal without admitting that they included an additional function. Recently, however, the attacker “posted a new proposal to restore the state of governance,” as reported in a thread on the mixer’s community forum.
Complete Control of Administration
As soon as the request was approved by Tornado Cash users, the exploiter activated the emergency-stop mechanism and modified the proposal logic to give themselves 1.2 million bogus votes. With more than 700,000 valid votes, the attacker has taken complete control of the crypto mixer’s administration.
The attacker is now in a position to do anything they choose, including removing all locked votes, depleting all governance contract tokens, and even bricking the router. However, they are unable to empty specific pools.
A tweet from Web3 media collective @WhaleCoinTalk claims that shortly after seizing control of Tornado Cash’s contract, the exploiter stole 473,000 TORN, the mixer’s native token, worth over $2.1 million from the governance contract. The bad actor made a profit from the asset sales and redeposited cash into Tornado.
An involved community member known as Tornadosaurus-Hex said that the assault has compromised all funds under governance and requested that all members remove their assets from the contract.
Recommended For You:
Hacker Takes Over Governance Control of Crypto Mixer Tornado Cash