On Saturday, an unidentified attacker or group of attackers took control of Tornado Cash DAO. Tornado Cash, a Decentralized Autonomous Organization (DAO), is responsible for managing the operations, funds, and future plans of the privacy-focused crypto mixer.
In addition, a malicious proposal that included a hidden code facilitated the attack. It allowed the attacker to gain unauthorised votes. They also manipulated various aspects of Tornado Cash, including the main governance contract and withdrawal of locked torn tokens.
Implications of the hacker attack on Tornado Cash DAO
The attacker successfully deceived the DAO members by disguising the proposal as a previous version. Furthermore, it led to them gaining complete control over the voting system.
Utilising this control, the attacker withdrew 10,000 TORN votes and sold them on the market. As a result, there was a significant impact on the token’s value.
Further, it’s important to note that this attack does not compromise the integrity of the Tornado Cash protocol itself. The protocol continues to function as a privacy-enhancing service for fund transfers. The attack did not exploit any vulnerabilities in the smart contracts or the underlying technology of Tornado Cash.
Value of Tornado Token down by 40%
As a result of the governance attack, the value of the TORN tokens has experienced a significant decline. It has gone down by 40% within the past 24 hours, as per available data.
Consequently, the Tornado Cash community has proposed solutions to reverse the malicious changes made by the attacker. It has been reported that the attacker illicitly minted over 1 million TORN tokens, which are valued at over $4 million based on current market prices.
One suggestion to address the situation is to create a new contract and distribute new tokens to token holders, offering a potential resolution to the community.