Attacker hijacks Tornado Cash governance via malicious proposal
The total control over Tornado Cash governance allows the attacker to withdraw all of the locked votes, drain all of the tokens in the governance contract and brick the router. Adding to the existing roadblocks of the decentralized crypto mixer Tornado Cash, an attacker managed to gain full control of the governance through a malicious proposal. On May 20 at 3:25 ET, an attacker successfully granted 1.2 million votes to a malicious proposal . Given that the proposal received more than 700,000 legitimate votes, the attacker gained total control over Tornado Cash governance . On 2023/05/20 at 07:25:11 UTC, Tornado Cash governance effectively ceased to exist. Through a malicious proposal , an attacker granted themselves 1,200,000 votes. As this is more than the ~700,000 legitimate votes, they now have full control.https://t.co/nY87XmrYgT pic.twitter.com/h9qjc3xRqz — @samczsun.com (@samczsun) May 20, 2023 The information was shared by @samczsun of research-driven technology investmen...