Home / Tornado Cash Hack Saga Comes to an End. Did the Hacker Win this Battle?
4 min read

Tornado Cash Hack Saga Comes to an End. Did the Hacker Win this Battle?

Last Updated June 23, 2023 1:49 PM
Teuta Franjkovic
Last Updated June 23, 2023 1:49 PM

Key Takeaways

  • Crypto-mixer Tornado Cash fell victim to a hostile takeover
  • Hacker took over control of the blockchain protocol by hijacking its governance mechanism
  • Afterward, the hacker decided to hand back the reins
  • This revives the urgent need for law clarity within the crypto space 

Crypto-tumbler Tornado Cash recently fell victim to a hostile takeover by a hacker who hijacked the governance mechanism of the whole protocol.

However, in an unexpected change of events, the attacker suddenly decided to return all the reins back together by presenting a proposal supposedly directed towards restoring governance control. 

The surprising action raised curiosity among the community members and, therefore, drew further inquiries of the hacker’s real goals and incentives.

Hacker Steals $1M and Then Hands Back Control

Tornado Cash is governed by a DAO and individuals who own the TORN governance token with which they can vote on crowdsourced bids. 

On Saturday, May 27, a hacker managed to exchange an earlier benign proposal with their malicious proposal aka Trojan horse hidden in a secret code

With that proposal, the attacker instantly got himself 1.2 million votes that represent the majority.

The hack was discovered by a security researcher at Paradigm dubbed @samczsun on Twitter who reported the attack  at the same time raising panic saying Tornado Cash governance had “effectively ceased to exist.”

The hacker laundered stolen ETH  and TRON  tokens on Tornado Cash Router, but then proposed fixing the vulnerability and handing back control  of the platform to the community. 

The proposal passed successfully  with a total of 517,000 token votes supporting the proposal, and no votes against. 

Nansen’s reporter Martin Lee tweeted  the attacker stole 483,000 Tornado Cash (TORN) tokens. Afterwards, they made a series of swaps, exchanging most of the stolen tokens into 485 Ether, worth around $890,000. 

This means hacker saved 39,000 TORN for themselves, worth around $160,000. Since the whole point of crypto tumblers is to make coins virtually untraceable, in order to hide the funds’ origin, a part of the ETH was routed through Tornado Cash, adding another layer of anonymity to the transaction.

Tornado Cash Was Already Sanctioned for Money Laundering

In June 2022, $100 million was stolen from Horizon Bridge — a cross-chain interoperability platform between Ethereum, Binance Smart Chain (BSC) and Harmony blockchain networks —  and then transferred to an address belonging to Tornado Cash. 

In August 2022, Tornado Cash was officially sanctioned  by the United States Treasury because of allegations that the protocol had been used for money laundering by North Korea’s hacker group Lazarus who allegedly had used it to transfer $450 million in stolen cash.

A group of six crypto investors, backed by Coinbase, have recently taken legal action  against the U.S. Department of Treasury because they were unhappy with the sanctions imposed on Tornado Cash. 

They said they believe the Treasury has overstepped the mark, breaking the law and the Constitution by forbidding people and companies from using Tornado Cash smart contracts. The plaintiffs asked the court to overturn the sanctions, allowing them to use the service without worrying about any legal repercussions.

Tornado Cash is not The End

The Tornado Cash hack is definitely not the first nor the last one. The fact that the hacker had a change of heart doesn’t represent the end. It only shows the vulnerability of such systems.

Recently, around $6 million was stolen via phishing-as-a-service offering where hackers used the services of Inferno Drainer.

They managed to steal $5.9 million from 4,888 victims.

Two cybersecurity incidents occurred last Wednesday. First, crypto recovery company Unciphered found a weakness in the hardware of SatoshiLabs’ Trezor T model crypto wallet, which allowed them to obtain private keys. 

Second, a cross-chain protocol Celer claimed to have fixed a vulnerability that hackers could use to steal funds and disrupt the decentralized platform’s governance process. These events serve as a reminder of the importance of safeguarding one’s digital assets and staying informed of potential security risks in the evolving world of cryptocurrency.


This was a confusing and slightly embarrassing chapter for the crypto tumbler. Tornado Cash was always favored by some shady players who use it to launder illegal money, and is one of the reason why the existence of crypto tumblers is morally questionable.

Even though the hack didn’t prove to be catastrophic at the end, it did open doors to copy-pasters within the hackers ecosystem.

It could be though, as a crypto twitter member 0xdeadf4ce  wrote, the actions of a “gigatroll” meant to teach an “expensive but not disastrous lesson.” 

This also throws a different light on the fact that there is no law clarity within the crypto space and that this can lead to a damaged infrastructure and, perhaps even, more disastrous outcome.