Crypto-tumbler Tornado Cash recently fell victim to a hostile takeover by a hacker who hijacked the governance mechanism of the whole protocol.
However, in an unexpected turn of events, the attacker then moved to hand back the reins by submitting a proposal supposedly aimed at restoring governance control.
The surprising move raised curiosity among community members and prompted further questions about the hacker’s real goals and incentives.
Tornado Cash is governed by a DAO and by individuals who own the TORN governance token, with which they can vote on crowdsourced proposals.
On Saturday, May 27, a hacker managed to replace an earlier benign proposal with a malicious one, a Trojan horse hidden in secret code.
With that proposal, the attacker instantly obtained 1.2 million votes, which represent the majority.
The hack was discovered by a security researcher at Paradigm, known as @samczsun on Twitter, who reported the attack and raised alarm by saying Tornado Cash governance had “effectively ceased to exist.”
The proposal passed with a total of 517,000 token votes in favor and no votes against.
Nansen’s reporter Martin Lee tweeted that the attacker stole 483,000 Tornado Cash (TORN) tokens. Afterwards, they made a series of swaps, exchanging most of the stolen tokens for 485 Ether, worth around $890,000.
This means the hacker kept 39,000 TORN for themselves, worth around $160,000. Since the whole point of crypto tumblers is to make coins virtually untraceable and hide the funds’ origin, part of the ETH was routed through Tornado Cash, adding another layer of anonymity to the transaction.
In June 2022, $100 million was stolen from Horizon Bridge — a cross-chain interoperability platform between Ethereum, Binance Smart Chain (BSC) and Harmony blockchain networks — and then transferred to an address belonging to Tornado Cash.
In August 2022, Tornado Cash was officially sanctioned by the United States Treasury because of allegations that the protocol had been used for money laundering by North Korea’s hacker group Lazarus, which allegedly had used it to transfer $450 million in stolen cash.
A group of six crypto investors, backed by Coinbase, have recently taken legal action against the U.S. Department of Treasury because they were unhappy with the sanctions imposed on Tornado Cash.
They said they believe the Treasury has overstepped the mark, breaking the law and the Constitution by forbidding people and companies from using Tornado Cash smart contracts. The plaintiffs asked the court to overturn the sanctions, allowing them to use the service without worrying about any legal repercussions.
The Tornado Cash hack is neither the first nor the last of its kind. The fact that the hacker had a change of heart doesn’t represent the end. It only shows the vulnerability of such systems.
Recently, around $6 million was stolen via a phishing-as-a-service offering, with hackers using the services of Inferno Drainer.
They managed to steal $5.9 million from 4,888 victims.
Two cybersecurity incidents occurred last Wednesday. First, crypto recovery company Unciphered found a weakness in the hardware of SatoshiLabs’ Trezor T model crypto wallet, which allowed them to obtain private keys.
Second, cross-chain protocol Celer claimed to have fixed a vulnerability that hackers could use to steal funds and disrupt the decentralized platform’s governance process. These events serve as a reminder of the importance of safeguarding one’s digital assets and staying informed of potential security risks in the evolving world of cryptocurrency.
This was a confusing and slightly embarrassing chapter for the crypto tumbler. Tornado Cash was always favored by some shady players who use it to launder illegal money, which is one of the reasons why the existence of crypto tumblers is morally questionable.
Even though the hack didn’t prove to be catastrophic in the end, it did open the door to copycats within the hacker ecosystem.
It could be, though, as Crypto Twitter member 0xdeadf4ce wrote, the actions of a “gigatroll” meant to teach an “expensive but not disastrous lesson.”
This also throws a different light on the fact that there is no legal clarity within the crypto space and that this can lead to damaged infrastructure and, perhaps, an even more disastrous outcome.