On May 20, an attacker granted themselves 1.2 million governance votes, exceeding the approximately 700,000 legitimate votes held by other members of the Tornado Cash decentralized autonomous organization (DAO). 

This effectively gave the attacker complete control over the protocol’s governance, something that has far-reaching consequences, with the attacker being able to withdraw all of the locked votes on the DAO and drain all the tokens in the governance contract.

The information was first shared on Twitter by Paradigm researcher “@samczsun,” who commented that the attack was akin to the end of Tornado Cash governance.

The anonymous individual behind the attack executed it through a carefully orchestrated plan, disguising the malicious proposal as one that used the same logic as an earlier proposal that had passed successfully. However, hidden in the contract was an extra function that allowed the attacker to update the logic and grant themselves fake votes. 

Now, the attacker has proposed undoing the changes and restoring the normal course of governance with a new proposal that would revert the attacker’s controlling share of tokens back to zero. According to governance member Tornadosaurus-Hex, there is a “good chance” the attacker will execute it.

“I mean note that we don’t even have a choice in regards to this proposal but it is still important nonetheless,” said Tornadosaurus-Hex.

Another member of the community, “0xdface” pointed out that this might be an attempt to pump the price of TORN which has fallen significantly following news of the governance takeover.

The funds in the Tornado Cash treasury are also at risk, considering the transfer function is controlled by governance. While the attacker cannot drain the protocol’s liquidity pools directly, the router can be manipulated to re-route deposits and withdrawals to another address.

The attacker took 483,000 TORN from the governance vault, selling 379,300 on-chain for $680,000 worth of ETH.

Meanwhile, Tornado Cash Nova contracts, which allow deposits and withdrawals in customized amounts, are directly upgradeable and can be drained by the attacker.