Show feed
Tornado Cash DAO suffers hostile takeover
Sun May 21 2023web3isgoinggreat (read full)
A proposal ostensibly to penalize cheating network participants in the Tornado Cash crypto tumbler project was successfully passed by majority vote. However, the proposer had add an extra function called `emergencyStop()`, which they used to grant themselves 1.2 million votes. Now that they have more than the ~700,000 legitimate Tornado Cash votes, they have full control of the project. The attacker has already drained locked votes and sold some of the $TORN tokens, which are governance tokens that both serve as a vote but also traded for $5–$7 around the time of the attack. The attacker has since tumbled 360 ETH (~$655,300) through Tornado Cash to obscure its final destination. Meanwhile, $TORN plummeted in value more than 30% as the attacker dumped the tokens. The attacker now has full control over the DAO, which according to crypto security researcher Sam Sun grants them the ability to withdraw all of the locked votes, drain all of the tokens in the governance contract, and "brick" (make permanently non-fu...