Tornado Cash is hit by a malicious governance attack, and the latest recovery proposal may be an attempt by the attacker to inflate the coin price and sell off.

Tornado Cash hit by a malicious governance attack. Latest recovery proposal may be an attempt to inflate coin price and sell off.

Author: Nancy, BlockingNews

Recently, Tornado Cash, a well-known mixing coin protocol, suffered a malicious governance attack, and the governance control was completely controlled by the attacker. As a result, the price of the TORN token fell by more than 50%, and Binance even suspended deposits. Today, the Tornado Cash attacker has released a new proposal to restore governance status, seemingly implying that the protocol governance will be returned to the community, but the true motive is still unclear.

Over 480,000 TORN Tokens Stolen, Attacker Launches New Proposal to Restore Governance

On May 21, Blockingradigm researcher Samczsun tweeted that Tornado Cash suffered a governance attack at 15:25 on May 20, and the attacker proposed maliciously to grant himself 1.2 million votes, surpassing the legitimate number of votes (about 700,000) and gaining complete governance control. Through governance control, the attacker can withdraw all locked votes and exhaust all tokens in the governance contract, and disable the router. He also added that Tornado Cash Nova deployed to Gnosis Chain is an agent managed by governance, so the attacker also upgraded the contract to drain all ETH in the pool.

• Over $76 billion in funds have been stolen, taking stock of six major tools for securing cryptocurrency assets
• “Rebellious Girl” and “Internet-addicted Youth”: 13-year-old DAO Founder Finds Self in Web3
• How to dissect ETH volatility? Breakdown of F(X) novel stable asset and leverage scheme

According to on-chain analyst Yu Jin’s Twitter post, the Tornado Cash governance attacker obtained over 480,000 TORN from the governance treasury. As of May 22, 6,000 TORN has been deposited into Bitrue, 379,300 TORN has been sold on-chain and converted into 375 ETH, with an average selling price of 1.8 US dollars, and 97,700 TORN has not yet been sold/transferred out. The ETH obtained from the sale was ultimately transferred to the Tornado mixing coin to be washed out.

Due to the market panic caused by the Tornado Cash governance attack, and Binance’s announcement that it will temporarily suspend TORN deposits, the TORN token plummeted.

Two days later, the Tornado Cash attack seems to have reversed. Tornadosaurus-Hex, a member of the Tornado Cash community, stated in the forum that the Tornado Cash attacker has released a new proposal to restore governance status, and “it is very likely to be executed.” In the malicious proposal, he gave himself TORN as “lockedBalance-s” and reset it to 0.

If the proposal is passed, the malicious code integrated into the protocol by the attacker will be removed, and token holders will regain control of the DAO governance of Tornado Cash. Tornadosaurus-Hex said that he or someone else needs to propose an update to the governance contract. Tornadosaurus-Hex is ready to fix the logic, but needs to verify the storage layout so that the proxy upgrade does not break the contract. “We know we have no choice with this proposal, but it is still important.”

This proposal is expected to end voting on May 26th. However, some community members have warned that the plan may be an attempt by attackers to further manipulate the price of Tornado Cash’s TORN token. If the proposal to restore is not intended to raise prices, then it may be a disruptive or “expensive but not catastrophic” lesson.

Deposits totaling more than $8 billion face challenges from forked versions

As an on-chain mixer that uses zero-knowledge proof technology, Tornado Cash allows users to concentrate their funds into the mixer, thereby preventing the link path between deposit, withdrawal, and transfer addresses from being queried, in order to achieve privacy for user transfers. According to Dune Analytics data, the total amount of ETH deposited in the Tornado Cash protocol is about 3.72 million, with a total deposit amount of more than $8 billion and total revenue of about $20 million.

The anonymous transaction feature of Tornado Cash has made it the choice of most hackers for fund transfers, and major hacking events involving it include the Axie Infinity sidechain Ronin Network hacker laundering about $455 million through the protocol, and the Horizon asset cross-chain bridge hacker laundering about $96 million. According to previous analysis by security organization SlowMist, 74.6% of money laundering funds flowed into Tornado Cash in the first half of 2022 alone.

However, in August 2022, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against Tornado Cash, putting some Ethereum addresses that interacted with Tornado Cash or were related to it on the SDN List (U.S. Specially Designated Nationals List). At the same time, Tornado Cash developer Pertsev was also arrested in Amsterdam by Dutch law enforcement on charges of “concealing the flow of criminal funds and assisting in money laundering” through Tornado Cash.

According to the latest news, Alexey Pertsev has been released and is awaiting trial at home with an ankle monitor, and a further hearing on the case will be held on May 24th.

“Cryptocurrency mixers like Tornado Cash could become an essential part of public blockchain infrastructure,” Ethereum founder Vitalik Buterin said. According to Dune Analytics data, Tornado Cash still has a certain amount of daily deposits and new users, but has seen a significant loss compared to before, especially with the front-end disabled, it is even more difficult to attract ordinary users.

Moreover, Tornado Cash is currently facing competition from forked projects. On the one hand, although Tornado DAO has initiated several community rescues, such as when community member gozzy proposed in January this year that he would continue to take on Tornado’s subsequent development and gained high community support, DAO governance is now completely controlled by attackers, and the true intent of restoration proposals is still unknown. On the other hand, Ameen Soleimani, an early contributor to Tornado Cash, launched the forked project Primacy Pools v0, but it is called experimental code and has not yet been audited. According to Ameen Soleimani, since Tornado Cash was sanctioned, US citizens who have Tornado Cash funds must apply to OFAC for withdrawal permission, and only non-US citizens and authorized US government employees can legally use Tornado Cash. And if someone promotes the use of Tornado Cash, they may still be seen as conspiring to violate international sanctions.

For Tornado Cash, once the world’s largest mixer platform, the future development is not optimistic.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!