TL;DR
- On May 18, the Tornado Cash DAO accidentally voted for a malicious proposal.
- Basically, the attacker submitted a proposal which was approved to be voted on, and then the sneaky attacker triggered a ‘self-destruct’ function that replaced the original proposal contract with a new, evil one, giving them complete control of the votes.
- Yesterday the attacker made one new proposal to possibly “restore the state of governance”.
- Did the attacker want to shine a light on the project and drive up the price of TORN? Or did they provide a wake-up call for DAOs to conduct more in-depth audits of the proposals sent to them?
Full story
Crazy things happened to the Tornado Cash project late last week.
Tornado Cash is known for things like being banned by the US government.
Suffice it to say it’s controversial at the best of times (it’s a ‘mixing service’ on the Ethereum network that basically makes your crypto untraceable), but brace yourself because this story is wild.
On May 18, the Tornado Cash DAO accidentally voted for a malicious proposal.
This man explains it much better; but in short, the attacker submitted a proposal which was approved to be voted on, and then the sneaky attacker triggered a ‘self-destruct’ function that replaced the original proposal contract with a new, evil one, giving them complete control of the vote.
They could then award themselves 1.2 million TORN (the tokens of Tornado Cash DAO) from the governance contract.
They traded 380,000 TORN Tokens for 372 ETH and – get this – returned it via Tornado Cash to make it untraceable!
By keeping the other 820,000 TORN tokens, they still have full control over the DAO – it’s a hostile takeover if we’ve ever seen one.
Yesterday the attacker made one new proposal to possibly “restore the state of governance”.
This led some people to believe that all this has been a ploy to put the token in the spotlight and increase its price.
At the time of writing, TORN is down more than 30%, so if that was the case, it certainly didn’t work that well…
The more likely scenario is that the attacker wanted to wake up DAOs to conduct more in-depth audits of the proposals sent to them.
(And maybe not allow proposals with a built-in ‘self-destruct’ feature?)
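One way a governance contract can catch exactly this trick, as an added example (not Tornado Cash’s own code): record the proposal contract’s code hash when the proposal is submitted, and refuse to execute it if the bytecode at that address has changed since. The contract below is hypothetical and assumes the proposal is run by delegatecall into an `executeProposal()` function; both are assumptions, not details from the story above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical governance fragment (added example, not Tornado Cash code).
/// Pins each proposal's code hash at submission and checks it at execution,
/// so a proposal contract that self-destructs and is redeployed with different
/// bytecode at the same address is rejected instead of executed.
contract CodeHashPinnedGovernance {
    struct Proposal {
        address target;
        bytes32 codeHash;   // target.codehash at submission time
        bool executed;
    }

    Proposal[] public proposals;

    event ProposalCreated(uint256 id, address target, bytes32 codeHash);
    event ProposalRejected(uint256 id, bytes32 expected, bytes32 actual);

    function propose(address target) external returns (uint256 id) {
        bytes32 h = target.codehash;
        // Reject addresses with no deployed code (empty-code hash or nonexistent account).
        require(h != bytes32(0) && h != keccak256(""), "target has no code");
        proposals.push(Proposal(target, h, false));
        id = proposals.length - 1;
        emit ProposalCreated(id, target, h);
    }

    function execute(uint256 id) external {
        Proposal storage p = proposals[id];
        require(!p.executed, "already executed");
        bytes32 current = p.target.codehash;
        // If the bytecode changed after the vote (self-destruct + redeploy),
        // the hash no longer matches and execution is refused.
        if (current != p.codeHash) {
            emit ProposalRejected(id, p.codeHash, current);
            revert("proposal code changed since submission");
        }
        p.executed = true;
        // Assumed convention: the proposal exposes executeProposal() and runs
        // in the governance contract's context via delegatecall.
        (bool ok, ) = p.target.delegatecall(
            abi.encodeWithSignature("executeProposal()")
        );
        require(ok, "proposal execution failed");
    }
}
```

The check costs one EXTCODEHASH read per execution; the vote itself is unchanged, only a proposal whose code no longer matches what voters saw is blocked.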