The governance system of Tornado Cash effectively ceased to exist. An unknown attacker orchestrated a cunning plan, granting themselves an overwhelming number of votes and seizing complete control of the platform.
Through a carefully crafted malicious proposal, the attacker managed to accumulate an astonishing 1,200,000 votes, surpassing the legitimate votes, estimated to be around 700,000. This staggering number granted the attacker full control over the Tornado Cash governance. With this newfound power, the attacker can execute various actions that could have severe consequences for the protocol.
The attacker behind the Tornado Cash breach acquired a total of 483,000 TORN tokens from the Tornado Cash governance vault. They then deposited 6,000 TORN into Bitrue and liquidated 379,300 TORN on-chain, converting it into 375 ETH, which amounts to approximately 680,000 U.S. dollars. The conversion rate stood at US$1.8 per TORN. Presently, a balance of 97,700 TORN remains that has yet to be sold or transferred. Credit goes to EmberCN and wublockchain for this information.
The attacker, now in control of the governance system, holds the authority to abuse multiple functions within Tornado Cash. These include withdrawal of locked votes, drainage of tokens, and bricking the router.
Fortunately, there are some limitations to the attacker’s control. They are unable to drain individual pools, safeguarding some of the locked funds and preventing total asset loss for users.