After gaining control over the Tornado Cash DAO through a malicious proposal on May 20, the anonymous individuals behind the attack appear to be undoing the damage.
The attackers put forth proposal 21, which called for restoring the normal state of governance and reverting their share of governance tokens back to zero. In the first malicious proposal, the attackers granted themselves 1.2 million governance votes to take control of the governance.
Proposal 21 passed on Friday with what looked to be unanimous support from the community, with 517,000 TORN used in the process of voting. However, it is worth noting that the attackers themselves voted in favor of the proposal with their self-assigned governance power.
The motive behind the attackers’ decision to restore the normal governance parameters remains unclear at the time of writing. One theory is that the attackers no longer have an interest in controlling the DAO, having already swapped 483,000 TORN tokens for ETH, which they promptly sent back to Tornado Cash to be laundered.
Tornado Cash attacker still loves the protocol
Swaps a large portion of the 483K TORN it exploited to ETH mostly using 1inch and proceeds to send 360 ETH to Tornado cash pic.twitter.com/N22tA3xgvG
— Martin Lee | Nansen 🧭 (@themlpx) May 22, 2023
Another theory is that the move to give back governance control to the community is merely a ploy to increase TORN’s price, after which the attackers can sell the rest of the tokens they hold.
a possible outcome:
1. hacker got a bunch of TORN and dumped it
2. everyone else dumped TORN as well because now its worthless
3. hacker makes proposal to restore gov
4. people buy the token because price is low (everyone dumped)
5. hacker just dumps rest of tokens they hold https://t.co/41DOJ93Cd2
— 0xngmi (@0xngmi) May 21, 2023