The Tornado Cash protocol, which makes crypto transactions untraceable, fell victim to a management attack today. A rogue hacker group used the previous bid to over-vote and snatched $10,000. The news of the hack led to more than 50% drop in altcoin price.
Autopsy report of Tornado Cash hack attack
In the Tornado Cash crypto mixer project, a proposal aimed at penalizing cheating network participants was successfully passed in the DAO voting. However, the bidder added an additional function for later use. In this way, he obtained 1.2 million votes, which was more than necessary. Thus, with over 700,000 real Tornado Cash votes, he took full control of the project.
The attacker has already emptied the locked votes. He sold the TORN tokens he obtained in a short time. TORN is a management token that gives voting rights to its holder and traded between $5 and $7 at the time of the attack. The attacker then mixed 360 ETH ($655,300) in Tornado Cash. In this way, he made his transactions untraceable. Meanwhile, TORN’s value has dropped more than 50% as it sells tokens.
The attacker now has full control over the DAO. Therefore, it has the power to withdraw all the locked votes (it has already done this), dump all the tokens in the management contract, and brick the router (permanently disable it).
Justin Sun says they’re watching closely
Centralized exchanges like Binance suspended TORN transactions after the Tornado Cash attack. However, some exchanges continue to keep trades open. One of them was the Justin Sun-backed Huobi. The Tron founder wrote on Twitter today:
TORN deposits and withdrawals continue on HuobiGlobal and Poloniex. We are monitoring the situation closely and may adjust our policy as necessary to ensure security. Thank you for your understanding and support.
These altcoins have been seized
Attackers also have the ability to dump all ETH in pools by raising the contract, as Tornado Cash Nova is a proxy deployed to Gnosis Chain.
So far, Tornado Cash has deposited 6,000 TORNs on the offensive group Bitrue. They exchanged 380,000 TORN for ETH and transferred 372 ETH to Tornado Cash. It is estimated that the attackers still have some TORN.
compensation process
A former Tornado Cash developer is reportedly trying to build a new crypto mixing service from the ground up that fixes an existing “critical flaw” in Tornado Cash. The developer hopes that the solution will “empower the community to defend against hackers who abuse anonymity sets of honest users without requiring general regulation or compromising their crypto ideals.”
As Kriptokoin.com, we recently reported the $ 5.4 million hacking attack targeting ParaSpace.