On Saturday, an unnamed hacker or group of hackers essentially took over the DAO responsible for the operations, money and future plans of Tornado Cash, a privacy-focused crypto mixer.
The Hacker Used a Malicious Proposal to Take Control
In decentralized autonomous organizations, or DAOs, token holders vote on proposed modifications to a project by locking up their tokens. Changes might include anything from using surplus cash for the project’s own advantage to branching out into other networks.
The hacker released a malicious proposal at the weekend’s outset that concealed a code function allowing them to fake votes. They may now use those votes to manage some features of Tornado Cash, including TORN tokens kept in the primary governance contract or the withdrawal of locked TORN tokens.
To achieve this, the hacker submitted a proposal that looked like an older version but included malicious code that updated logic and granted the attacker access to all governance votes.
On Sunday, a security researcher named @samczsun tweeted, “Now that they have all the votes they can do whatever they want.” “They just cashed out 10,000 votes as TORN and sold them,” the source said.
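One way a voter could review such a proposal before voting, as an added example that is not part of the original article or of Tornado Cash's code: list the function selectors in the submitted proposal's bytecode and flag any that the older proposal it imitates does not have. The bytecode strings and helper names are constructed for illustration, and the check assumes a Solidity-style dispatcher (a PUSH4 selector followed by EQ).

```python
# Added example: compare the function selectors of a submitted proposal with
# those of the older proposal it claims to copy. All bytecode is constructed.

PUSH0, PUSH4, PUSH32, EQ = 0x5F, 0x63, 0x7F, 0x14

def opcodes(code: bytes):
    """Yield (opcode, immediate) pairs, skipping over PUSH data bytes."""
    i = 0
    while i < len(code):
        op = code[i]
        n = op - PUSH0 if PUSH0 < op <= PUSH32 else 0  # PUSH1..PUSH32 carry 1..32 bytes
        yield op, code[i + 1:i + 1 + n]
        i += 1 + n

def selectors(code: bytes) -> set:
    """Selectors in the dispatcher: a PUSH4 immediate directly followed by EQ."""
    ops = list(opcodes(code))
    return {
        imm.hex()
        for (op, imm), (nxt, _) in zip(ops, ops[1:])
        if op == PUSH4 and nxt == EQ and len(imm) == 4
    }

def extra_selectors(reference: bytes, submitted: bytes) -> list:
    """Selectors present in the submitted proposal but not in the reference."""
    return sorted(selectors(submitted) - selectors(reference))

# Constructed runtime bytecode: load the selector, then one dispatcher entry.
PROLOGUE = "60003560e01c"                       # PUSH1 0, CALLDATALOAD, PUSH1 0xe0, SHR
ENTRY = "8063{sel}1461{dest}57"                 # DUP1, PUSH4 sel, EQ, PUSH2 dest, JUMPI
REFERENCE = bytes.fromhex(
    PROLOGUE + ENTRY.format(sel="aabbccdd", dest="0010") + "00")
SUBMITTED = bytes.fromhex(
    PROLOGUE + ENTRY.format(sel="aabbccdd", dest="0010")
    + ENTRY.format(sel="11223344", dest="0020") + "00")

if __name__ == "__main__":
    extra = extra_selectors(REFERENCE, SUBMITTED)
    if extra:
        print("Proposal exposes functions absent from the reference:", extra)
    else:
        print("Selector sets match; continue with a full bytecode comparison.")
```

A matching selector set does not prove the two contracts are identical, so this check complements a full comparison of the deployed bytecode.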
Luckily, The Tornado Cash Protocol Is Unaffected
Since the Tornado Cash protocol itself is unaffected, customers may continue to use the service to conceal the origins and destinations of their cryptocurrency transactions. No smart contract or other technology involved in the functioning of Tornado Cash was exploited in this attack.
Meanwhile, members of the Tornado Cash community have proposed some fresh ideas to roll back the code. One community member saw that the attacker had minted more than a million TORN for themselves, now valued at more than $4 million.
Binance Stopped Trading Torn
Binance has temporarily halted TORN deposits after the governance hack on Tornado Cash. The exchange announced on Twitter:
“Due to circumstances surrounding the protocol Binance will temporarily pause TORN deposits until further notice.”