Hacker Takes Over Tornado Cash DAO Using Vote Fraud

Twitter icon  •  Published 10ヶ月前  •  Hassan Maishera

The Tornado Cash DAO suffered an exploit over the weekend after a hacker used a malicious proposal to take over the DAO.

TL;DR

  • An unidentified hacker has taken over Tornado Cash using a malicious proposal.

  • The hack opens up the floodgates to a potential treasury drain for the decentralized autonomous organization.

  • The attacker has submitted a proposal to undo the attack.

Tornado Cash Suffers An Attack

Tornado Cash has suffered an attack after a malicious proposal allowed an unidentified attacker to access the DAO. The attack has now opened up the possibility of a treasury drain. 

According to multiple reports, the DAO in charge of operations, funds, and future plans of the crypto mixer Tornado Cash was taken over by the unidentified hacker or group of attackers over the weekend. 

DAOs operate by allowing token holders to lock their tokens as votes for proposing changes to a crypto project. The changes can include the deployment of treasury funds and the expansion of a project to other networks. 

The hacker launched a malicious proposal on the Tornado Cash network that hid a code function, granting them fake votes that were then used to handle some aspects of the ecosystem. The attacker had access to Torn (TORN) tokens held in the main governance contract and could also withdraw locked TORN tokens. 

According to security research @samczsun, the attacker could do whatever they want now that they have all the votes. The attacker went on to withdraw 10,000 votes as TORN and sell them.

Hacker Submits A Proposal To Undo Attack

The attack didn’t affect the actual Tornado Cash protocol, as it wasn’t an exploit or any smart contract or technology related to the working of the protocol. 

The attacker went on to submit a proposal that would revert Tornado Cash’s governance back to token holders. However, not everyone in the community agrees that it's a good plan.

 

Author

Hassan Maishera

Hassan is a Nigeria-based financial content creator that has invested in many different blockchain projects, including Bitcoin, Ether, Stellar Lumens, Cardano, VeChain and Solana. He currently works as a financial markets and cryptocurrency writer and has contributed to a large number of the leading FX, stock and cryptocurrency blogs in the world.