Tornado Cash, a fully decentralized and open-source cryptocurrency mixer operating on Ethereum-based networks, has been subjected to a malicious takeover. This comes as another significant blow to the platform following its troubled history with regulatory authorities.
On August 8, 2022, the U.S. Department of the Treasury issued sanctions against Tornado Cash. The platform was accused of routinely enabling money laundering for harmful cyber actors due to its alleged lack of adequate controls. This led to its use being deemed illegal for U.S. citizens, residents, and firms. Subsequently, the project's website domain and GitHub accounts were suspended, and one of the developers was arrested.
In the current crisis, a bad actor manipulated the project's governance system by accumulating 1.2 million counterfeit votes, overpowering the 700,000 legitimate votes. The malefactor cunningly disguised their proposal to mimic a previously successful one, but it surreptitiously included a function that enabled the creation of counterfeit votes.
The perpetrator exploited the emergencyStop function, allowing them to modify the proposal logic swiftly and seize control of Tornado Cash's governance. This authority permits the intruder to withdraw locked votes, drain tokens from the governance contract, and possibly disrupt the router's functionality. In a swift move to profit from their control, the attacker quickly liquidated 10,000 votes worth of TORN tokens and seems capable of emptying all ETH from the pool.
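The disguise described above works when voters trust a proposal's description instead of comparing its code with the proposal it claims to copy. The following is an added example, not code from Tornado Cash or from the original article: a reviewer-side check that lists functions added to, removed from, or changed in a candidate proposal relative to the reference one. Both Solidity sources are constructed samples, and the names `executeProposal`, `getParams` and `applyChange` are hypothetical; only `emergencyStop` is named in the article, and its body is not shown there.

```python
import re

# Header of a Solidity function definition, up to its opening brace.
HEADER_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)[^{;]*\{")

def extract_functions(source):
    """Map function name -> (params, body), both whitespace-normalized.
    Braces are counted so nested blocks stay inside the body; braces inside
    string literals or comments are not handled (fine for a first-pass diff)."""
    funcs = {}
    for m in HEADER_RE.finditer(source):
        depth, i = 1, m.end()
        while i < len(source) and depth:
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        body = source[m.end():i - 1]
        funcs[m.group(1)] = (" ".join(m.group(2).split()), " ".join(body.split()))
    return funcs

def diff_proposals(reference_src, candidate_src):
    """Report how the candidate proposal deviates from the reference one."""
    ref, cand = extract_functions(reference_src), extract_functions(candidate_src)
    return {
        "added": sorted(set(cand) - set(ref)),
        "removed": sorted(set(ref) - set(cand)),
        "changed": sorted(n for n in set(ref) & set(cand) if ref[n] != cand[n]),
    }

# Constructed sample: the previously approved proposal.
REFERENCE_SRC = """
contract Proposal {
    function executeProposal() external {
        if (ok) { applyChange(1); }
    }
    function getParams() public pure returns (uint256) { return 1; }
}
"""

# Constructed sample: the look-alike, identical except for one extra function.
CANDIDATE_SRC = REFERENCE_SRC.rstrip().rstrip("}") + (
    "    function emergencyStop() public { /* body not shown in the article */ }\n}\n"
)

if __name__ == "__main__":
    for kind, names in diff_proposals(REFERENCE_SRC, CANDIDATE_SRC).items():
        print(f"{kind}: {names}")
```

Any non-empty `added` or `changed` list means the "same as last time" claim is false and the extra code needs review before a vote.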
Despite the community's urgent advice to participants to withdraw their locked assets and efforts to deploy a contract to reverse the changes, the bad actor continues to maintain governance control. This presents significant
Read more on blockchain.news