An attacker gained 1.2 million votes for a fraudulent proposal at 3:25 PM ET on May 20.
The group is looking for Solidity programmers to assist preserve the protocol.
The decentralized cryptocurrency blender Tornado Cash already had difficulties before an attacker took complete control of the governance by submitting a fraudulent proposal. An attacker gained 1.2 million votes for a fraudulent proposal at 3:25 PM ET on May 20. Because the proposition obtained over 700,000 valid votes, the attacker is now in complete control of Tornado Cash’s governance.
Research-driven technology investment company Paradigm’s @samczsun reported that the attacker claimed the fraudulent proposal employed similar reasoning to one that had already been approved by the community. The proposition, however, had another purpose this time around.
Serious Consequences
If an attacker takes full control of Tornado Cash’s governance. They may cancel all locked votes, deplete the governance contract’s token supply, and even brick the router. Attacker “simply withdrew 10,000 votes as TORN and sold it all,” according to @samczsun.
Crypto investors should use this assault as a warning to be extra careful. Especially, while reading proposal descriptions and analyzing their reasoning. A member of the Tornado Cash community known as Tornadosaurus-Hex or Mr. Tornadosaurus Hex has verified that all funds locked in Governance are at risk of being stolen and has asked that all members immediately remove all such funds.
In addition to the above-described efforts to persuade the community to withdraw their contributions. They also tried implementing a contract that might undo the alterations.
The group is looking for Solidity programmers at the moment to assist preserve the protocol from oblivion. On the other hand, it has been alleged that a former Tornado Cash developer is developing a new crypto mixing service from the ground up to fix the “critical flaw” in Tornado Cash.