{"id":79062,"date":"2023-05-21T10:59:02","date_gmt":"2023-05-21T07:59:02","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=79062"},"modified":"2025-09-11T08:49:49","modified_gmt":"2025-09-11T05:49:49","slug":"unknown-attackers-seize-control-of-tornado-cash-governance","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/unknown-attackers-seize-control-of-tornado-cash-governance\/","title":{"rendered":"Unknown attackers seize control of Tornado Cash governance"},"content":{"rendered":"<p>On May 20, unknown actors seized control of Tornado Cash&#8217;s governance mechanism. According to the Paradigm analyst known as samczsun, the attackers have already begun draining TORN tokens from the protocol&#8217;s smart contracts.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">On 2023\/05\/20 at 07:25:11 UTC, Tornado Cash governance effectively ceased to exist. Through a malicious proposal, an attacker granted themselves 1,200,000 votes. As this is more than the ~700,000 legitimate votes, they now have full control.<a href=\"https:\/\/t.co\/nY87XmrYgT\">https:\/\/t.co\/nY87XmrYgT<\/a> <a href=\"https:\/\/t.co\/h9qjc3xRqz\">pic.twitter.com\/h9qjc3xRqz<\/a><\/p>\n<p>\u2014 @samczsun.com (@samczsun) <a href=\"https:\/\/twitter.com\/samczsun\/status\/1660012956632104960?ref_src=twsrc%5Etfw\">May 20, 2023<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to the expert, the attackers introduced a malicious proposal whose code made it possible to call the EmergencyStop function to update the logic after adoption. Through it, they appropriated 1.2 million votes.<\/p>\n<p>The hackers gained the ability to revoke blocked tokens, transfer assets into the governing smart contract, and halt the router.<\/p>\n<p>The analyst stressed that the attackers cannot withdraw cryptocurrency from individual pools. 
However, they have already begun draining the locked votes.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Locked votes have been drained <a href=\"https:\/\/t.co\/MJbKKyFII2\">https:\/\/t.co\/MJbKKyFII2<\/a> <a href=\"https:\/\/t.co\/DyJnDwc3SZ\">pic.twitter.com\/DyJnDwc3SZ<\/a><\/p>\n<p>\u2014 @samczsun.com (@samczsun) <a href=\"https:\/\/twitter.com\/samczsun\/status\/1660094606019825664?ref_src=twsrc%5Etfw\">May 21, 2023<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>PeckShield researchers noted that the hackers swapped most of the withdrawn tokens for Ethereum and sent the cryptocurrency to the Tornado Cash address. Some assets were transferred to the Bitrue platform.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/PeckshieldAlert?src=hash&#038;ref_src=twsrc%5Etfw\">#PeckshieldAlert<\/a> Tornado Cash Governance Exploiter has deposited 6K <a href=\"https:\/\/twitter.com\/search?q=%24TORN&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$TORN<\/a> to <a href=\"https:\/\/twitter.com\/hashtag\/Bitrue?src=hash&#038;ref_src=twsrc%5Etfw\">#Bitrue<\/a>. 
And swapped ~380K <a href=\"https:\/\/twitter.com\/search?q=%24TORN&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$TORN<\/a> for <a href=\"https:\/\/twitter.com\/search?q=%24ETH&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$ETH<\/a> and then transferred 372 <a href=\"https:\/\/twitter.com\/search?q=%24ETH&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$ETH<\/a> into Tornado Cash<a href=\"https:\/\/t.co\/3fEa1kYFaz\">https:\/\/t.co\/3fEa1kYFaz<\/a> <a href=\"https:\/\/t.co\/BzqagupO5c\">pic.twitter.com\/BzqagupO5c<\/a><\/p>\n<p>\u2014 PeckShieldAlert (@PeckShieldAlert) <a href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/1660160639837536256?ref_src=twsrc%5Etfw\">May 21, 2023<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to Cointelegraph, the Tornado Cash community is attempting to deploy a proposal that would roll back the changes. However, users were advised to withdraw assets from the application&#8217;s smart contracts.<\/p>\n<p>Participants of the <span data-descr=\"decentralised autonomous organisation\" class=\"old_tooltip\">DAO<\/span> also noted that the exchange Binance has more tokens than the attackers, so it could theoretically help fix the situation.<\/p>\n<p>Binance, in turn, said it would pause deposits of <a href=\"https:\/\/twitter.com\/search?q=%24TORN&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$TORN<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Due to circumstances surrounding the protocol, <a href=\"https:\/\/twitter.com\/hashtag\/Binance?src=hash&#038;ref_src=twsrc%5Etfw\">#Binance<\/a> will temporarily pause <a href=\"https:\/\/twitter.com\/search?q=%24TORN&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$TORN<\/a> deposits until further notice.<\/p>\n<p>\u2014 Binance (@binance) <a href=\"https:\/\/twitter.com\/binance\/status\/1660127515459895296?ref_src=twsrc%5Etfw\">May 21, 2023<\/a><\/p><\/blockquote>\n<p> <script async=\"\" 
src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to CoinGecko, in the wake of the negative news, TORN&#8217;s price has fallen by about 25%. At the time of writing, the token was trading near $4.7.<\/p>\n<p>In August 2022, Tornado Cash <a href=\"https:\/\/u1f987.com\/en\/news\/us-sanctions-tornado-cash-the-ethereum-mixer\">was sanctioned by the United States<\/a>. In the same month, Dutch authorities <a href=\"https:\/\/u1f987.com\/en\/news\/in-amsterdam-authorities-arrest-alleged-tornado-cash-developer\">arrested<\/a> the developer of the service, Alexey Pertsev.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On May 20, unknown actors seized control of Tornado Cash&#8217;s governance mechanism. According to the Paradigm analyst going by the handle samczsun, the attackers have already begun draining TORN tokens from the protocol&#8217;s smart contracts.<\/p>\n","protected":false},"author":1,"featured_media":79063,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,80,1314],"class_list":["post-79062","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-dao","tag-tornado-cash"],"aioseo_notices":[],"amp_enabled":true,"views":"25","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/79062","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.co
m\/en\/wp-json\/wp\/v2\/comments?post=79062"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/79062\/revisions"}],"predecessor-version":[{"id":79064,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/79062\/revisions\/79064"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/79063"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=79062"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=79062"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=79062"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}