Hackers Breach Security of Sanctioned Crypto Mixer Tornado Cash

In an unexpected turn of events, Tornado Cash, a prominent service that helps users hide cryptocurrency transactions, has fallen victim to hackers who took control of the platform through a malicious governance proposal. The attack has raised concerns about the safety and reliability of decentralized systems. Binance, one of the largest crypto exchanges, temporarily suspended deposits of the protocol’s governance token, TORN, following the attack.

Governance Exploit Grants Hackers Complete Control

Samczsun, a security researcher at Paradigm, revealed on Twitter that the attacker manipulated the governance mechanism, granting themselves 1.2 million fraudulent votes, which exceeded the 700,000 legitimate votes. This exploit gave the perpetrator full control over Tornado Cash’s governance functions.

Tornado Cash is a blockchain protocol controlled by a distributed network of computers, and its governance token, TORN, allows holders to vote on protocol changes. Holding an overwhelming majority of the votes, the attacker was able to act on that control. Samczsun highlighted the potential for malicious activity following the takeover:

Now that they have all the votes, they can do whatever they want. In this case, they simply withdrew 10,000 votes as TORN and sold it all.

The attack had an immediate impact on the crypto ecosystem, with Binance temporarily suspending TORN deposits. Tornado Cash has long faced accusations of being a preferred tool for hackers and criminals seeking to launder illicit funds. Since its inception in 2019, about $8 billion has been funneled through the service, data from Dune Analytics show. These figures, combined with the recent exploit, underscore the pressing need for robust security measures in the crypto industry to protect users’ funds and maintain the integrity of decentralized platforms.

Tornado Cash Also Faced Sanctions Last Year

Tornado Cash also faced scrutiny last year when the US Treasury Department imposed sanctions on the protocol. The agency accused Tornado Cash of aiding North Korean hackers in laundering illicit gains, with the notorious Lazarus Group, known for its cybercriminal activities, allegedly laundering about $450 million through the service.

The aftermath of the Tornado Cash governance takeover raises questions about the security and resilience of decentralized platforms. It highlights the importance of implementing robust security protocols and conducting thorough audits to mitigate the risk of governance exploits. Incidents like this serve as a reminder of the ongoing challenges and the need for constant vigilance in safeguarding users’ funds and maintaining the trust and adoption of decentralized systems. As news of the attack spread, the TORN token’s value plummeted by 34% and was trading at $4.52 at the time of writing.

Tornado Cash (TORN)’s price moving sideways on the 4-hour chart. Source: TORN/BUSD on TradingView.com

Bitrabo Editorial
Editorial Team