Original Author: Nancy, PANews

Recently, the well-known currency mixing protocol Tornado Cash created a malicious governance attack, and the governance control was completely controlled by the attacker. Affected by this, the price of the token TORN once fell by more than 50%, and Binance even suspended deposits. Today, the Tornado Cash attacker released a new proposal to restore the governance status, which seems to imply returning the governance rights of the protocol to the community, but its real motivation is unclear.

first level title

More than 480,000 TORN were stolen, and the attacker launched a new proposal to restore governance

On May 21, Paradigm researcher Samczsun tweeted that at 15:25 on May 20, Tornado Cash encountered a governance attack. The attacker granted himself 1.2 million votes through a malicious proposal, which exceeded the number of legal votes (about 700,000). full governance control. With governance control, an attacker can withdraw all locked votes and drain all tokens in the governance contract, disabling the router. He also added that the Tornado Cash Nova deployed to Gnosis Chain is a governance-managed proxy, so the attacker also upgraded the contract to drain all the ETH in the pool.

According to the tweet of the chain analyst Ember, the Tornado Cash governance attackers obtained a total of over 480,000 TORN from the governance vault. The on-chain selling was converted into 375 ETH, with an average selling price of $1.8. There are still 97,700 TORN that have not been sold/transferred out, and the ETH obtained from the sale was eventually transferred to Tornado to mix and wash out.

As Tornado Cash suffered a governance attack that caused panic in the market, and Binance officially announced that it would temporarily suspend TORN deposits, its token TORN fell sharply.

After two days, the Tornado Cash attack incident seems to usher in a reversal. Tornado Cash community member Tornadosaurus-Hex stated in the forum that the Tornado Cash attacker issued a new proposal to restore the governance status, and "it is very likely that it will be implemented." In the malicious proposal, he gave his own TORN as "lockedBalance- s" and reset it to 0.

Voting on the proposal is expected to close on May 26. However, some community members warned that this plan may be an attempt by attackers to further manipulate the price of Tornado Cash’s TORN token. If the reinstatement proposal wasn't about raising prices, it could have been a hack or an "expensive but not disastrous" lesson.

first level title

The total deposit exceeds 8 billion US dollars, facing the challenge of the forked version

As an on-chain mixer using zero-knowledge proof technology, Tornado Cash achieves user transfer privacy by pooling users' funds into the mixer, allowing the link path between deposit, withdrawal, and transfer addresses to be unquerable . According to data from Dune Analytics, the total transfer amount of the Tornado Cash protocol is about 3.72 million ETH, the total deposit exceeds 8 billion U.S. dollars, and the total income is about 20 million U.S. dollars.

The anonymous transaction function of Tornado Cash makes this protocol the choice for most hackers to transfer funds. The large-scale attacks involved include the Axie Infinity side chain Ronin Network hacker cleaning about 455 million US dollars through this protocol, and the asset cross-chain bridge Horizon hacker cleaning about 9,600 USD. million dollars etc. According to the previous analysis of the security agency SlowMist, in the first half of 2022 alone, 74.6% of money laundering funds flowed to Tornado Cash.

However, in August 2022, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against Tornado Cash, and put some addresses that interact with Tornado Cash or related Ethereum addresses into the SDN List (U.S. Specially Designated Nationals List) ). At the same time, Pertsev, the developer of Tornado Cash, was also arrested by Dutch law enforcement in Amsterdam on charges of “concealing the flow of criminal funds and facilitating money laundering” through Tornado Cash.

According to the latest news, Alexey Pertsev has been released and can wait for trial at home with an ankle monitor. Further investigation hearings in the case will be held on May 24.

"Encrypted asset mixers like Tornado Cash may become an integral part of the public blockchain infrastructure." Ethereum founder Vitalik Buterin once said. According to Dune Analytics data, Tornado Cash still has a certain amount of deposits and new users every day, but it has experienced a large loss compared to before, especially when the front end is disabled, it is more difficult to attract ordinary users.

Not only that, Tornado Cash is currently facing competition from forked projects. On the one hand, although Tornado DAO has initiated many times of community self-help, for example, community member gozzy initiated a proposal to the community in January this year, saying that he would continue to undertake the follow-up development of Tornado and was approved by the community with high votes. But right now DAO governance has been completely controlled by attackers, and the true intention of the restoration proposal is still unknown. On the other hand, Ameen Soleimani, an early contributor to Tornado Cash, launched the fork project Primacy Pools v 0, but this project is called experimental code and has not yet passed the code audit. According to Ameen Soleimani, since Tornado Cash was sanctioned, U.S. citizens with Tornado Cash funds must apply to OFAC for a withdrawal permit. Only non-U.S. citizens and authorized U.S. government employees can legally use Tornado Cash, and if someone promotes the use Tornado Cash could still be considered a conspiracy to violate international sanctions.