Star Project Weekly | Optimism announces Bedrock upgrade time; Ledger's new "key recovery" function sparks controversy (5.15-5.21)
During the week from May 15th to May 21st, the developments worthy of attention are as follows:Worldcoin Introduces New Measures to Crack Down on KYC Providers Buying and Selling Iris Information;Osmosis, Axelar, etc. funded the development of the Cosmos ecological cross-chain security model "mesh security";Optimism mainnet Bedrock upgrade will take place on June 7th;Arbitrum Announces MXC as Its First L3 Blockchain;Starknet Foundation Announces First Batch of EAG Funded Projects, 67 Teams Received Funding;MetaMask publishes terms of use, users will not be able to export keys if they do not agree to the terms;Hardware wallet Ledger launches ID-based key recovery service, but some users object;Curve Finance: crvUSD UI is live;Former ParaSpace team Jay Yao and others resigned, and the team's "infighting" may end;Yuga Labs "HV-MTL" series mechs have been released。
Bottom-Layer 1
Bottom-Layer 1
Worldcoin Introduces New Measures to Crack Down on KYC Providers Buying and Selling Iris Information
According to a recent report by Odaily, because encrypted users in some regions cannot register to obtain shares when Worldcoin tokens are launched, some KYC service providers are purchasing iris information of some ordinary people in low-income countries and regions. At present, an iris KYC has soared to dozens Dollar.
A Worldcoin spokesperson acknowledged the phenomenon, but stressed that the issue was limited to "a few hundred instances." "Through ongoing threat and awareness monitoring measures, the Worldcoin team has uncovered suspicious and potentially fraudulent activity that is prompting individuals to register a verified World ID and then send it to a third-party World App instead of their own," the spokesperson said. of."
The spokesperson said that Worldcoin has taken several steps to try to control the problem, including "adjusting the initial in-person registration process and implementing dynamic and static QR codes"; Scanning an iris to re-acquire their World ID with their verified account will help stop the illegal sale of identification certificates.
The spokesperson added: "Despite these precautions, it is important to acknowledge that they do not completely prevent collusion or other attempts to circumvent the one-person-one-identity principle. To address these challenges, innovative ideas in mechanism design and social relationship attribution will be necessary." (The Block)
BNB Greenfield test network will be reset and upgraded on May 25
Odaily News The BNB Greenfield test network will be reset and upgraded from 14:00 to 18:00 on May 25th, Beijing time, and the Greenfield version will be upgraded to v0.2.0. The new upgraded version is named Mekong Testnet.
The new version will provide SP GC service, upgrade to cosmos-sdk v 0.47.2, clean up stale permissions, etc.
Odaily News Led by Osmosis, several Cosmos projects such as Axelar, Akash Network, ATOM Accelerator DAO, etc. are funding the development of a new cross-chain security model "mesh security".
Mesh security allows two or more Cosmos chains to consolidate the value of their validator staked tokens against security attacks. In the Mesh security framework, validators of a specific blockchain can re-stake their bound tokens to validators on a cooperative chain of their choice.
The mesh security program is expected to be completed in three phases, each expected to last around three months. Development and funding will continue with contributions from various teams in the Cosmos ecosystem. The final release is expected in the first quarter of 2024. (The Block)
NEAR chooses Wormhole as the official cross-chain bridge and will jointly develop ZK light client
Odaily News According to the official Twitter, the cross-chain bridge Wormhole announced that NEAR Protocol has chosen it as the new official cross-chain bridge. Wormhole will enable all NEAR assets to seamlessly bridge to more than 20 connected chains, and will support hundreds of Wormhole applications and communities into the NEAR ecosystem.
Additionally, Wormhole's core contributors will join Zpoken and NEAR in developing a ZK light client that attests and verifies Ethereum and NEAR state, enabling a more secure bridging experience.
Evmos: Resigned Lianchuang tried to sell 500,000 EVMOS, and is cooperating with it for recycling
Odaily News Evmos, the Cosmos ecological EVM compatible chain, tweeted that the team noticed that the resigned co-founder had been trying to sell 500,000 EVMOS tokens on Osmosis, which held 34 million EVMOS and pledged 11.5 million EVMOS . The initial lock-up period of the tokens in this address is one year, which will be released linearly over four years.
Evmos said that the joint venture made substantial contributions to the project and left because of disagreements on some issues. Evmos is currently working with it to transfer tokens back to the Evmos Foundation. The Evmos Foundation and the core contribution team utterly reject this behavior which only damages trust in the project.
Kava announced the completion of the Kava 13 mainnet upgrade and the launch of Kava EVM 2.0
Odaily News According to the official Twitter, Kava Chain announced that the Kava 13 mainnet will be launched on May 18, 2023. The focus of this upgrade is to launch Kava EVM 2.0, increase the utility of wallets, DApps and assets on the Cosmos SDK and EVM chain , Strategic Vault (strategic treasury) management upgrade.
Odaily News EOS Foundation founder and CEO Yves La Rose issued an open letter, aiming to take measures to allow Block.one (B 1 ) to fulfill its investment commitment to the EOS network (Block.One promised to invest 1 billion in the EOS network in 2018) Dollar).
The letter mentioned two possible options. Option one is to take legal action against Block.one that failed to fulfill its investment commitment. If enough token holders are interested in filing legal claims, the EOS Foundation is ready to assist in the transfer of EOS Holders come together in order to claim against Block.one; option two is a hard fork, block producers can consider a hard fork to exclude tokens owned by Block.one, including its encrypted trading platform Bullish Token transactions.
Terra Grant Foundation plans to seek external funding for Terra Classic
Odaily News Terra Grant Foundation (TGF) website shows that Terra core developer Edward Kim said that TGF plans to seek external funding for Terra Classic (LUNC) developers, projects and proposals. As part of this transition, the multi-signature wallet controlled by Edward Kim, TGF project manager Marco Ferreira, and Jagmot will be discontinued and replaced by the official TGF wallet owned by the TGF entity. In addition, TGF plans to negotiate with donors of existing contributions in the coming weeks to reach a consensus on donating funds.
BCH has undergone a hard fork upgrade on the evening of May 1st and supports smart contracts
The Optimism mainnet Bedrock upgrade will take place on June 7th with a mainnet downtime of 2 to 4 hours
Bottom layer-Layer 2
Odaily News According to the official Twitter, Optimism, the second-layer solution of Ethereum, announced that the upgrade of the Optimism mainnet Bedrock will be carried out on June 7. The upgrade will require the OP mainnet to be shut down for 2 to 4 hours.
In addition, on the day of the upgrade, transactions, deposits and withdrawals will not be possible during the downtime, and the OP mainnet chain will stop operating. Node operators need to start a fresh node deployment for Bedrock.
It is reported that Bedrock is a new generation of decentralized Rollup infrastructure developed by OP Labs, which aims to provide modularity, simplicity and Ethereum equivalent to Layer 2 networks.
Odaily News Optimism tweeted that with the upcoming one-year anniversary of the launch of OP, the circulation of OP will increase on May 31. In the two weeks before that, users may notice a large number of transfers on the chain, these are preparations for distribution planned transactions.
According to Token Unlocks data, Optimism will unlock 154,618,822.65 OP tokens on May 31, or about $278 million, or 3.6% of the total supply. Among them, 81,604,379 OPs were unlocked by core contributors, and 73,014,444 OPs were unlocked by investors.
Arbitrum Announces MXC as Its First L3 Blockchain
Odaily News On May 20th, at the edcon 2023 conference in Podgorica, Montenegro, MXC and Arbitrum jointly announced that MXC will migrate to Arbitrum, becoming the first L3 blockchain on the chain, and will be open to the Arbitrum community Distribute airdrops.
It is reported that MXC’s L3 is a Type-1 EVM built using ZK Roll-up zero-knowledge proofs. At the conference, MXC demonstrated IoT applications and IoT ecological projects on L3 zkEVM. The official airdrop details will be announced in the official Arbitrum AMA in May.
Starknet Foundation Announces First Batch of EAG Funded Projects, 67 Teams Received Funding
Odaily News According to the official announcement, the Starknet Foundation officially announced the first batch of EAG (Early Adopter Grants) funding projects, a total of 67 teams received funding, covering NFT, infrastructure, DeFi and DID and other fields.
EAG's total budget is as high as 10 million STRKs, which will be allocated to ecological project parties through multiple rounds of selection, with the purpose of providing early impetus for the Starknet ecosystem through actual on-chain deployment.
Loopring launches "Block Trade" function to build a P2P trading system
infrastructure components
infrastructure components
Odaily News Alex Smirnov, co-founder of the cross-chain bridge deBridge, tweeted that MetaMask issued terms of use. The terms state that users will not be able to export keys if they do not agree to these terms.
Hardware wallet Ledger launches ID-based key recovery service, but some users object
Odaily news hardware wallet manufacturer Ledger has released the Ledger Nano X firmware (2.2.1) version update, which introduces a service/function called "LedgerRecover".
According to reports, Ledger Recover is an ID-based key recovery service that provides backups for users' private key recovery phrases. Ledger Recover is currently compatible with Ledger Nano X and is available on Android and iOS running the latest Ledger Live version. Currently, an EU, UK, Canadian or US issued passport/national identification (ID) is required to subscribe to the service. In the coming months, the service will cover more countries and add support for more files.
The Ledger Recover service reportedly splits the wallet recovery phrase (essentially a human-readable form of a private key) into three encrypted shards and distributes them to three custodians: Ledger, cryptocurrency custodian Coincover, and code escrow Escrow Tech. If someone loses their seed phrase, two of the three shards can combine (pending identity checks) to regain access to locked funds. Essentially, Ledger Recover is an extra safety net; for $9.99 per month, it removes the danger of losing your encryption keys.
However, Ledger users expressed strong opposition to the feature because it would require secret seed phrases to be stored online and linked to passports or ID cards. The feature has faced criticism for requiring KYC registration. Some users say this goes against the privacy values held by many in the crypto community and that it defeats the purpose of hardware wallets.
LayerZero Labs Partners with Immunefi to Launch Up to $15M Bug Bounty Program
LayerZero Labs Partners with Immunefi to Launch Up to $15M Bug Bounty Program
LayerZero Labs, developer of blockchain interoperability protocol LayerZero, has partnered with bug bounty and security services platform Immunefi to launch a bug bounty program of up to $15 million for its protocol.
The top reward of $15 million also makes it the largest bug bounty program in the crypto ecosystem, surpassing MakerDAO’s $10 million bug bounty program.
Chainlink Launches Smart Contract Monitoring Service Chainlink Automation on Optimism
secondary title
DeFi
Curve Finance: crvUSD UI is live, currently only supports sfrxETH as collateral
The Uniswap community voted to approve the proposal on "Deploying Uniswap V3 to Moonbeam"
The Uniswap community voted to approve the proposal on "Deploying Uniswap V3 to Moonbeam"
The Tally voting page of Odaily News shows that the Uniswap community passed the proposal of "deploying Uniswap V3 to Moonbeam" almost unanimously (99.99%).
It is reported that discussions on the proposal have already begun in 2022. At that time, the proposal chose Nomad as the designated cross-chain messaging solution, and the proposal was forced to be suspended due to the attack on Nomad.
After Uniswap V3 is deployed to Moonbeam in the future, the Moonbeam Foundation will provide liquidity incentives.
After Uniswap V3 is deployed to Moonbeam in the future, the Moonbeam Foundation will provide liquidity incentives.
Synthetix: All Synthetix contracts on Optimism will be inaccessible during the Bedrock upgrade
Odaily news Synthetix, a synthetic asset agreement, issued a document stating that during the upgrade of the Optimism mainnet Bedrock from 00:00 to 04:00 on June 7th, Beijing time, all Synthetix contracts on Optimism will be inaccessible. Starting May 30th, Optimism trading rewards will be temporarily suspended. Starting from 00:00 on June 5, Beijing time, existing perpetual contract positions will be closed and new positions cannot be opened. 10 minutes before the Bedrock upgrade, that is, at 23:50 on June 6, Beijing time, all perpetual contract markets will be suspended, issuance (staker casting/destruction) will be suspended on Ethereum and Optimism, and synth exchange will be suspended on Optimism. All Synthetix contracts are accessible on the Ethereum mainnet. Rewards for continued trading thereafter will depend on smooth upgrades and subsequent resumption of trading. During the upgrade, all Synthetix contracts on Optimism will be inaccessible due to Optimism downtime. Once the Bedrock upgrade is complete, all features and contracts will be unblocked and accessible.
dYdX plans to launch more subDAOs to make ecological management more decentralized
Odaily News The decentralized perpetual contract protocol dYdX plans to launch more subDAOs to make the management of the ecosystem more decentralized, aiming to make dYdX a "completely decentralized version of the protocol." Currently dYdX is running two subDAOs to manage funding programs and operations.
BitDAO and Ethereum's second-layer solution Mantle Network will merge
Odaily News BitDAO announced that it will merge with Mantle Network, the second-layer solution of Ethereum funded by it. Members of the BitDAO community approved the merger through governance proposal BIP-21.
According to its "Brand, Token and Token Economics Optimization" proposal, BitDAO, Mantle, and BIT ecology will be collectively named Mantle, the existing governance and DAO will be called Mantle Governance, and BIT tokens will also be converted into Mantle .
GMX announced that the V2 version testnet is open to the public
GMX announced that the V2 version testnet is open to the public
According to official news from Odaily, the decentralized derivatives protocol GMX announced that its V2 version test network has been opened to the public, and users can test it on the Avalanche Fuji test network.
In addition, in addition to trying to conduct contract transactions, users can also test the function of providing liquidity. Users can visit the new Pools page to provide liquidity to V2 Pools and earn GM tokens. Liquidity supply can be single currency or trading pair.
In addition, in addition to trying to conduct contract transactions, users can also test the function of providing liquidity. Users can visit the new Pools page to provide liquidity to V2 Pools and earn GM tokens. Liquidity supply can be single currency or trading pair.
BisoSwap based on BRC-20 will be launched soon
Odaily News BisoSwap based on BRC-20 will be launched soon. BisoSwap is a liquidity infrastructure developed based on the Ordinals protocol, designed to provide liquidity for the BRC-20 ecosystem.
Bisoswap is committed to solving the problem of insufficient liquidity in BRC-20 by increasing the liquidity pool of LP transactions and real-time transactions. At the same time, in order to reduce the complexity of BRC-20 token transactions, Bisoswap is trying to introduce the BTC network into the LP model, making the use of BTC more diversified assets, and the LaunchPad and Staking functions will also be launched soon.
Odaily News Arbitrum structured product agreement Vovo Finance decided to gradually close the platform. Starting today, all Vaults will transition to a withdrawal-only model. The website will operate until the end of the year, enabling users to withdraw funds.
Vovo Finance stated that the team has significantly reduced costs since last year, and has retained 80% of the raised funds. As the platform is gradually closed, all remaining funds will be returned to investors.
NFT
Odaily News The NFT aggregation market Blur announced on its official tweet that its NFT lending platform Blend will be launched again on May 22, but did not disclose the name of the NFT series that will be supported next time. At the time of writing this article, the Blend platform has supported 6 NFT series. They are: CryptoPunks, Azuki, Milady Maker, DeGods, BAYC and MAYC.
In addition, Blur also revealed that so far, the loan amount of the Blend platform has reached 250 million US dollars, accounting for more than 80% of the market share in the transaction volume of NFT borrowers. Another function to promote partial loan repayment may also be launched next week.
Former ParaSpace team Jay Yao and others resigned, and the team's "infighting" may end
Odaily news NFT lending agreement ParaSpace co-founder Jay Yao tweeted: "Earlier today, I resigned from my position at ParaSpace along with other team members. Although we are still working hard to complete our solution, I want to spend A moment to apologize to the community for our internal affairs affecting our users - this was never intended to be an open issue and it should be resolved internally. I'm sorry it wasn't. I really hope Yubo and ParaSpace move forward .”
According to news yesterday, ParaSpace founder Yubo said on social media that he has been working closely with institutional partners to increase platform liquidity and reduce interest rates. In the future, international teams will be formed and more transparency will be brought to the community.
Two former advisors, Thomas Schmidt and Jay Yao, agreed to hand over multisig and official Twitter account access, but asked to be recognized for their contributions to the project and retain their co-founder titles in order to for later use. The pair will leave the team after signing a two-party agreement.
Ronin Network launches NFT marketplace Mavis Market
Ronin Network launches NFT marketplace Mavis Market
Odaily News The Ethereum side chain Ronin Network launched the NFT market Mavis Market to support the transaction of NFT on Ronin. Users can purchase NFTs with AXS, WETH, USDC, and RON. NFT authors can set their own royalties, and Mavis Market will charge a fixed fee of 2.5%, of which 2% will be allocated to Sky Mavis and 0.5% will be allocated to the Ronin treasury.
Yuga Labs "HV-MTL" series mechs have been released
Odaily News Yuga Labs announced that the "HV-MTL" series mechs have been opened, Power Source has received its metadata update, and is ready to display in the market, if the HV is still in the previous form, users need to refresh their market list metadata. The team calls HV a unique, dynamic NFT that evolves based on decisions.
It is reported that the HV-MTL series consists of 30,000 "Evo 1" Mechs NFTs. There are eight HVs and more than 1,050 features. They can be obtained by destroying the Sewer Pass. Holders of HV-MTL NFTs will be allowed to access future BAYC games and content.
Azuki community home page is live
Odaily News @ZAGABOND, the founder of the blue-chip NFT project Azuki, announced on social media that the new community homepage on Azuki's official website has been officially launched. As of this writing, 41 communities have settled in.
The homepage is classified according to three types of collection characteristics (such as Spirit Azukis' Spirit DAO and Gold Beanz's Gold DAO), language and region, and hobbies (such as Sake DAO). Azukis and Beanz holders can join the community according to the classification .
Art Blocks introduces BytecodeStorage V1 to enhance on-chain storage capabilities
Art Blocks, an Odaily news generation NFT art platform, tweeted that BytecodeStorage V1 was introduced on the basis of the existing SSTORE 2 to enhance the platform’s on-chain storage capabilities, and at the same time, it is compatible with the Ethereum core roadmap and the upcoming Ethereum Object Format (EOF) ) specification, the new model will support separating reads and writes into different databases.
With the improvement of the EOF roadmap, the team will incorporate it into the post-EOF BytecodeStorage V2 plan to ease the transition of DApp processing to not supporting EOF contracts and directly performing EXTCODECOPY on traditional contracts. Additionally, the team has also decided to add support for backward compatible reading of contracts written using the BytecodeStorage V 0 implementation as well as contracts written using SSTORE 2. In post-EOF, the interaction with the BytecodeStorage V1 shared reader needs to be through CALL instead of DELEGATECALL based on reading traditional contracts.
Cool Cats: Journey Season 2 is now live
Odaily News The blue-chip NFT project Cool Cats announced on social media that Journey Season 2 is officially launched, but it is currently only open to holders of Cool Cats, Cool Pets and Shadow Wolves NFT. Redeem into Shadow Wolves before the three-point casting window closes to participate.
Journey Season 2 will take place primarily in two communities, Cooltopia (for Cool Cats and Cool Pets holders) and Wandering Territory (for Shadow Wolves holders). It is reported that Cool Cats will also add two new reward categories this season.
"Fat Penguins" Pudgy Penguins Officially Introducing Pudgy World and Pudgy Toys
According to Odaily, the NFT project "Fat Penguin" Pudgy Penguins announced on social media that Pudgy Toys, the first community-licensed mass market product combining NFT and blockchain technology with physical toys, and Pudgy Worlds, an NFT digital platform, have been officially launched.
Pudgy Toys, which range in price from $8.99 to $24.99, are scheduled to ship on June 3, and buyers will receive a "birth certificate" to unlock the trait box featured in Pudgy World's first season. ), and obtain soul-bound tokens and NFTs, it is reported that all casting processes will be carried out on the Polygon blockchain.
Ubisoft to Unveil Assassin's Creed NFT Collection, Minting Opens May 16
According to official news from Odaily, game giant Ubisoft (Ubisoft) and Integral Reality Labs have cooperated to launch the "Assassin's Creed" NFT series "Assassin's Creed Smart Collectibles" on Polygon, which will officially open for casting on May 16. Each minted "digital soul" NFT can be used to customize and redeem 3D printed and NFC-enabled physical collections. Each NFT has a different rarity level, and higher-level NFTs can unlock more customization elements.
social contact
social contact
Odaily News According to the Litepaper released by the Web3 social graph protocol CyberConnect, the three core components of CyberConnect are CyberProfile, CyberConnect Social Graph and the smart contract wallet CyberWallet under development.
Suia and Cetus will each airdrop 100,000 SUI to reward all SUIA IDO participants
According to previous news, CyberConnect will be publicly sold on CoinList at 1:00 on May 19, 2023. The total supply of CYBER is 100 million, and this public sale accounts for 3% of the total supply. Additionally, 12% of the total supply is reserved in the CyberConnect community’s reward pool, of which 2.4% will be distributed to early adopters and community members when the token goes live.
Suia and Cetus will each airdrop 100,000 SUI to reward all SUIA IDO participants
Arweave Name Service Launches ANS DAO, ANS Token and Airdrop
Arweave Name Service Launches ANS DAO, ANS Token and Airdrop
Odaily News Arweave Name Service (ANS) announced the launch of ANS DAO, ANS tokens and community airdrops. ANS token holders will be able to create and vote on proposals in the DAO.
It is reported that the total supply of ANS is 100,000, 32.2% is used for DAO Reserve, 30% is allocated to the team and core contributors, 21.8% is used for community airdrops, and 16% is used to provide liquidity.
Odaily news Dmail and Worldcoin announced an in-depth cooperation, the latter joined the Dmail cross-chain communication ecology and carried out cooperation in market, user service, product integration, etc., to build a world-class digital citizen infrastructure. Dmail has thus become the first infrastructure communication protocol in the Web3 field to cooperate deeply with WorldCoin.
After cooperating with WorldCoin, Dmail will be the first to bring decentralized Web3 mailboxes with real data ownership to global users. At the same time, it will further explore in-depth cooperation with WorldCoin on decentralized communication protocols and decentralized data storage on a global scale.
Web3 social application Phaver launches Web3 social reputation system Phaver Cred
game
game
STEPN Developer Find Satoshi Lab Establishes Strategic Investment Unit
Odaily News According to official news, STEPN developer Find Satoshi Lab has established a strategic investment department, and its first investment project is VersaWallet.
In the future, the FSL strategic investment department will support more teams who are willing to make products and face users, and help them develop and grow.
Gameta Launches $30M Community Incentive Fund
Odaily News Web3 NFT game Gameta announced today that it will launch a community incentive fund worth up to 30 million US dollars.
Since its establishment in 2022, Gameta has launched 14 games so far, accumulating nearly 8 million users and more than 120,000 monthly active users. It currently ranks first in the BNB Chain game ecosystem, accounting for 27.5% of its users.
security incident
security incident
Odaily News The latest update of Aave V2 makes it impossible to withdraw, borrow and repay the approximately US$110 million WETH, USDT, WBTC, and WMATIC in Aave V2 on Polygon.
have to be aware of is:
have to be aware of is:
1. Only Aave v2 Polygon is affected. All other Aave v2 instances (including v2 Ethereum and Avalanche) are working fine. Aave v3 is totally fine because it's a completely different protocol.
2. All funds in the pool are absolutely safe, regardless of whether they are assets affected by vulnerabilities. In practice, these users cannot provide more of these assets, nor can they borrow, repay, or withdraw.
3. Currently, we do not recommend pausing pools via Aave Guardian (the only mechanism available) for the following reasons:
- To increase HF, users can still provide assets such as DAI, USDC, and AAVE to their positions. With pause(), this is not possible.
- HF/Close Threshold dynamic still applies, so 1) the maximum amount borrowed by a position is exactly the same as usual; 2) if the position falls below HF 1 at the time of the bug fix, it will be closed, which means a loss of the close bonus .
Waves Labs suffered 'financial damage' in half-year-long hack last year
Odaily news Waves founder Sasha Ivanov (Aleksandr Ivanov) said in an interview that hackers invaded Waves Labs last year, destroyed internal data and caused "financial losses." Hackers "sneaked into" Waves' management software system and tried to extort money from the struggling blockchain company.
The hacker told Ivanov: "We have been lurking in your system for half a year. So we know everything and you have to pay us." Ivanov declined to disclose the specific financial losses caused by the hacking attack, nor did he provide details about the stolen data. information. "The situation is so bad that we could suffer even greater financial losses," Ivanov said. A hack of Wave's internal systems could also expose users' data.
When asked why the hack wasn't disclosed to the Waves community after it became public in December, Ivanov ducked the question. "I didn't cry because we've been in a similar situation before," Ivanov said, without elaborating on what "a similar situation" meant. Ivanov suggested that the hacker had tried to cash out the stolen funds through a centralized exchange, but he declined to identify which exchange. (DL News)
Tornado.Cash was attacked by governance, and TORN fell by more than 20% in 24 hours
Odaily news Paradigm researcher Samczsun said on social media that at 15:25:11 on May 20th, Beijing time, Tornado.Cash suffered a governance attack. The attacker grants himself 1,200,000 votes by maliciously proposing (adding extra functionality to the proposal that enables him to update the logic of the proposal to get fake votes). Since this exceeds approximately 700,000 legitimate votes, the attacker now has full control.
With governance control, an attacker can: withdraw all locked votes; drain all tokens in the governance contract; disable routers, but the attacker still cannot drain individual pools. However, Samczsun later updated that Laël Cellier pointed out that Tornado Cash Nova deployed to Gnosis Chain is a governance-managed proxy. Therefore, an attacker can also drain all ETH in this pool by upgrading the contract.
