Writer
Loading ...
A malicious proposal has opened the gates for a cyber attack on Tornado Cash Governance.
The attacker withdrew all the locked votes, as well as the tokens in the governance contract and bricked the router after gaining full control.
At the start of the weekend, the attacker published a malicious proposal that hid the code function which grants access to fake votes which can be used to manipulate Tornado Cash, its token as well as withdraw the locked Torn tokens.
According to @samczsun of research-driven technology investment firm Paradigm, the proposal received more than 700,000 legitimate votes.
In his tweet, he added that the attacker used a technique similar to a proposal that has already been passed by the community. Although, the proposal had other functions at this time.
Clarifying the function of this malicious proposal, @samczsun explained that:
“Once the proposal was passed by voters, the attacker simply used the emergency-stop function to update the proposal logic to grant themselves the fake votes.”
The total amount of voters withdrawn by the attacker is 10,000 as TORN and sold it all, added by @samczsun
Although the attack was not directed at the Tornado Cash protocol responsible for users to send funds through the service so as to hide the movement of funds and crypto addresses.
Meanwhile, Tornadosaurus-Hex, an active community for Tornado Cash affirmed that funds in Governance are compromised and advised users to quickly withdraw all their funds locked on the platform. According to a Tornado Cash community developer at the time this incident happened:
“There was an attack on the protocol this morning that you already know about. All day, another community developer and I thought about what to do, but the situation is close to hopeless – currently, the attacker controls Governance.”
The community added that they are trying to put a solution in place towards reverting the damages caused by this attack.
According to the organisation, they are currently in search of solidarity developers that can help salvage the protocol. The team additionally stated that they need to work closely with Binance because the exchange platform has more tokens than the attacker.
A former developer of the platform Tornado Cash is working on building a new crypto-mixing service from scratch to address the flaw existing in the protocol.
The developer added that in the hope of finding a solution to this cyber attack, he hopes that the solution will protect against further attacks on the operations of the system.
What Tornado Cash users experience today shows that there is a need for users to be watchful with the exchanges and platforms they interact with especially when it comes to making money. It is also safe to say that these platforms need to be on their toes by providing efficient security for the safety of user’s funds.
Players must be 21 years of age or older or reach the minimum age for gambling in their respective state and located in jurisdictions where online gambling is legal. Please play responsibly. Bet with your head, not over it. If you or someone you know has a gambling problem, and wants help, call or visit: (a) the Council on Compulsive Gambling of New Jersey at 1-800-Gambler or www.800gambler.org; or (b) Gamblers Anonymous at 855-2-CALL-GA or www.gamblersanonymous.org.
Trading financial products carries a high risk to your capital, especially trading leverage products such as CFDs. CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. Between 74-89% of retail investor accounts lose money when trading CFDs. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing your money.
This site is using Cloudflare and adheres to the Google Safe Browsing Program. We adapted Google's Privacy Guidelines to keep your data safe at all times.
Crypto Gambling is not available at your location.
For US visitors, we recommend playing at
Stake.us
Social Casino instead.
Crypto Gambling is not available at your location.
For US visitors, we recommend playing at
Stake.us
Social Casino instead.