TL;DR
- On May 18, the Tornado Cash DAO accidentally voted in a malicious proposal.
- In short, the attacker submitted a proposal which was approved to be voted on, and then the sneaky attacker activated a ‘self-destruct function’ which replaced the original proposal with a new, malicious one, giving them full control of the votes.
- Then yesterday, the attacker made a new proposal to potentially “restore the state of Governance.”
- Did the attacker want to shine light on the project and pump up the price of TORN? Or were they providing a wake up call for DAOs to do more in-depth audits of the proposals sent to them?
Full Story
Late last week, some crazy things happened with the Tornado Cash project.
Tornado Cash is famous for things like being banned by the US Government.
Suffice it to say it’s controversial at the best of times (it’s a ‘mixing service’ on the Ethereum network which basically makes your crypto untraceable), but buckle up because this story is wild.
On May 18, the Tornado Cash DAO accidentally voted in a malicious proposal.
This guy explains it way better, but in short: the attacker submitted a proposal which was approved to be voted on, and then the sneaky attacker activated a ‘self-destruct function’ which replaced the original proposal with a new, malicious one, giving them full control of the votes.
They were then able to grant themselves 1.2M TORN (which are Tornado Cash DAO’s governance tokens) from the governance contract.
They swapped 380,000 TORN tokens for 372 ETH and – get this – ran it back through Tornado Cash to make it untraceable!
By keeping the other 820k TORN tokens, they still have complete control over the DAO – it’s a hostile takeover if we’ve ever seen one.
Then yesterday, the attacker made a new proposal to potentially “restore the state of Governance,” which led some people to believe this has all been a ploy to put the token in the spotlight and boost its price.
At the time of this writing, TORN is down over 30%, so if that was the case, it’s certainly not working too well…
The more likely scenario is that the attacker wanted to provide a wake up call for DAOs to do more in-depth audits of the proposals sent to them.
(And maybe not allow proposals with a ‘self-destruct function’ built into them?)
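One way a DAO can defend against the code swap described above, as an added example that is not Tornado Cash’s own Governance code: record the proposal contract’s EXTCODEHASH when it is proposed and refuse to execute it if the code at that address has changed since (which is exactly what happens after a self-destruct followed by a redeploy at the same address). The `delegatecall` to an `executeProposal()` function mirrors the common governance pattern and is an assumption here; voting and quorum logic are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Illustrative sketch (not Tornado Cash's Governance contract): the proposal
/// contract's code hash is pinned at proposal time, so a contract that is
/// self-destructed and redeployed with different bytecode reverts on execution.
contract CodeHashPinnedGovernance {
    struct Proposal {
        address target;     // proposal contract that will be delegatecalled
        bytes32 codeHash;   // EXTCODEHASH(target) recorded when proposed
        bool executed;
    }

    Proposal[] public proposals;

    event ProposalCreated(uint256 id, address target, bytes32 codeHash);
    event ProposalExecuted(uint256 id);

    function codeHashOf(address a) internal view returns (bytes32 h) {
        assembly { h := extcodehash(a) }
    }

    /// Register a proposal and pin the code voters will actually be voting on.
    function propose(address target) external returns (uint256 id) {
        bytes32 h = codeHashOf(target);
        // bytes32(0) = account does not exist, keccak256("") = account with no code
        require(h != bytes32(0) && h != keccak256(""), "target has no code");
        proposals.push(Proposal({target: target, codeHash: h, executed: false}));
        id = proposals.length - 1;
        emit ProposalCreated(id, target, h);
    }

    /// Execute an (assumed approved) proposal. Because proposal code runs via
    /// delegatecall with this contract's storage, any swapped-in bytecode
    /// must be rejected before the call is made.
    function execute(uint256 id) external {
        Proposal storage p = proposals[id];
        require(!p.executed, "already executed");
        require(codeHashOf(p.target) == p.codeHash, "proposal code changed since it was proposed");
        p.executed = true;
        (bool ok, ) = p.target.delegatecall(abi.encodeWithSignature("executeProposal()"));
        require(ok, "proposal execution failed");
        emit ProposalExecuted(id);
    }
}
```

The hash must be captured when the proposal is created, not at execution, so that what voters approved is what gets run.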