- The weekend attack on Tornado Cash may yet see more damage after an attacker stole tokens.
- “Do not forget that while the hacker still has votes, he can create a new malicious proposal at any time.”
- The attacker gained control of 483,000 TORN, which are valued at about $2.1 million.
A weekend attack on Tornado Cash, where an operator seized control of the privacy protocol’s governance after deceiving its token-holders, is still playing out. And the attacker could yet do more damage beyond theft of tokens.
“The protocol itself is not secure” even as the attacker focused instead on its governance mechanism, Tornado Cash’s pseudonymous community developer Theo told DL News. “Governance has extensive powers to manage it.”
Tornado Cash is managed by a DAO, or decentralised autonomous organisation, whose membership comprises of holders of the governance token TORN.
On Saturday, the community, unaware of the deceptive code embedded in the attacker’s proposal, inadvertently endorsed it, transferring control of the protocol’s governance.
“Should users be concerned? Of course, yes,” Theo said. “But it is worth understanding that a hacker is not able to do anything immediately.”
Tornado’s governance mechanism operates under a system that mandates public proposals for any change, necessitating a seven-day period for implementation. As of now, the attacker has not caused direct harm to the protocol itself. However, they have significantly drained its resources, leaving the DAO considerably depleted.
But the real danger lies in the attacker’s ability to propose new malicious proposals.
“The incident is not over yet,” Theo told DL News.
“Do not forget that while the hacker still has votes, he can create a new malicious proposal at any time.”
$1 million at risk on Tornado Nova
Perhaps the most significant risk of a potential malicious proposal places $1 million in jeopardy.
Tornado Cash functions across seven blockchains, including Ethereum, where it has been sanctioned by the Office of Foreign Assets Control of the US Treasury Department.
Tornado’s smart contracts are immutable across all blockchains, which means that they cannot be modified through governance. However, an exception exists on the Gnosis chain, where the protocol goes by the name Tornado Cash Nova.
This protocol on Gnosis can be directly upgraded via governance, which currently falls under malign control.
Tornado Nova has close to $1 million in pools that are susceptible to a drain via a governance proposal. This action, however, would require seven days to take effect. The attacker has not initiated such a move.
Could have been worse – and could still be worse
“Attacker could do almost anything with his first attack,” Theo said. Beyond attempting to drain Tornado Nova, the attacker could modify the protocol’s configuration.
The attacker could alter what’s known as the IPFS content hash — a unique code that acts as a digital address linked to tornadocash.eth and its related domains, which lets users interact with the protocol.
The attacker could tamper with the Tornado Router — an integral part of the system that directs the flow of data and transactions.
Users of the protocol could accidentally send their funds to the attacker under such scenarios.
But so far, the attacker has primarily focused on depleting the Governance Vault. The Governance Vault serves as a repository for Tornado Cash’s governance tokens, which are locked by users to earn rewards and enable participation in voting — like the vote for the attacker’s malicious proposal.
The attacker gained control of 483,000 TORN, which are valued at about $2.1 million.
Based on yesterday’s peak, these tokens could have fetched approximately $3.5 million. The attacker has already offloaded 10,000 TORN for $25,600, while trading 379,000 TORN in exchange for $680,000 worth of Ether.
Reverting the attack?
The attacker made an unexpected proposal last night, which, if approved by May 26, aims to restore the governance to its state prior to the attack.
Kieran Mesquita, an Ethereum developer, told DL News that one should not assume “that control of the governance contracts will be returned until we actually see it happen.”
In the most optimistic scenario, he said, control will be reinstated to the DAO. But tokens already sold can’t be returned. So the DAO would be substantially depleted even in the best-case scenario.
And in the most adverse outcome, he said, “the DAO is permanently shuttered.”
But Theo said there’s reason for optimism since “tokens will be returned to the stakers [...] in the next proposal — and there are enough of them in the Governance wallet to cover the withdrawal of tokens.”
“The only negative will be a slight drop in the price of the token,” he said.
Update: This article has been updated to include the last two paragraphs from Theo provided after the publication.