{"id":582363,"date":"2023-05-22T13:56:25","date_gmt":"2023-05-22T12:56:25","guid":{"rendered":"https:\/\/en.ethereumworldnews.com\/?p=582363"},"modified":"2023-05-22T13:56:39","modified_gmt":"2023-05-22T12:56:39","slug":"tornado-cash-attacker-funnels-360-eth","status":"publish","type":"post","link":"https:\/\/en.ethereumworldnews.com\/tornado-cash-attacker-funnels-360-eth\/","title":{"rendered":"Tornado Cash Attacker Funnels 360 ETH Through Crypto Mixer After Weekend Governance Exploit"},"content":{"rendered":"\n<p>Summary: <\/p>\n\n\n\n<ul><li>The Tornado Cash attacker swapped 483,000 TORN tokens for 360 Ether before sending the ETH back to the Ethereum-based crypto tumbler.<\/li><li>Wallets controlled by the exploiter still hold some 125 ETH and 38,300 TORN tokens lifted from the crypto mixer&#8217;s governance contract over the weekend.<\/li><li>The transactions come after the attacker hijacked Tornado Cash&#8217;s governance forum through an &#8220;emergencyStop&#8221; function in a malicious proposal.<\/li><li>The attacker also submitted a proposal that would seemingly return governance functionality to its original state.<\/li><\/ul>\n\n\n\n<p>The Tornado Cash attacker sent 360 Ether (ETH) to the Ethereum-based crypto mixer after swapping TORN tokens siphoned from the protocol over the weekend. <\/p>\n\n\n\n<p>On May 20, an attacker hijacked the Tornado Cash governance functionality by using a malicious proposal. The proposal was built using the same coding logic as a previously passed proposal but held an &#8220;emergencyStop&#8221; function. This allowed the attacker to essentially take over the protocol&#8217;s governance system and obtain an inordinate number of voting power.<\/p>\n\n\n\n<p>After granting themselves 1,200,000 votes &#8211; 700,000 more than the real votes from community members &#8211; the attacker stole hundreds of thousands of TORN tokens used to incentivize private relayers. <\/p>\n\n\n\n<p>Notably, the attacker was not able to access individual pools or drain assets deposited into Tornado Cash, Paradigm research @samczsun said on Twitter. <\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">First, what does this mean for Tornado Cash?<br><br>Through governance control, the attacker can:<br>&#8211; withdraw all of the locked votes<br>&#8211; drain all of the tokens in the governance contract<br>&#8211; brick the router<br><br>However, the attacker still can&#39;t:<br>&#8211; drain individual pools<\/p>&mdash; @samczsun.com (@samczsun) <a href=\"https:\/\/twitter.com\/samczsun\/status\/1660012958787973121?ref_src=twsrc%5Etfw\" rel=\"nofollow noopener\">May 20, 2023<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p>Later on May 21, the attacker swapped TORN tokens using to ETH using 1nch and other DeFi protocols before depositing the proceeds in Tornoda Cash. Wallets controlled by the exploiter still hold some 125 ETH and 38,300 TORN tokens lifted from the crypto mixer&#8217;s governance contract over the weekend, said Nansen data scientist Martin Lee.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img width=\"1024\" height=\"575\" src=\"https:\/\/en.ethereumworldnews.com\/wp-content\/uploads\/2023\/05\/By-Nansen-1024x575.png\" alt=\"\" class=\"wp-image-582364\" srcset=\"https:\/\/en.ethereumworldnews.com\/wp-content\/uploads\/2023\/05\/By-Nansen-1024x575.png 1024w, https:\/\/en.ethereumworldnews.com\/wp-content\/uploads\/2023\/05\/By-Nansen-300x168.png 300w, https:\/\/en.ethereumworldnews.com\/wp-content\/uploads\/2023\/05\/By-Nansen-770x432.png 770w, https:\/\/en.ethereumworldnews.com\/wp-content\/uploads\/2023\/05\/By-Nansen-1536x863.png 1536w, https:\/\/en.ethereumworldnews.com\/wp-content\/uploads\/2023\/05\/By-Nansen-269x151.png 269w, https:\/\/en.ethereumworldnews.com\/wp-content\/uploads\/2023\/05\/By-Nansen-746x419.png 746w, https:\/\/en.ethereumworldnews.com\/wp-content\/uploads\/2023\/05\/By-Nansen-1376x773.png 1376w, https:\/\/en.ethereumworldnews.com\/wp-content\/uploads\/2023\/05\/By-Nansen.png 1930w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" title=\"\"><figcaption><strong><a href=\"https:\/\/twitter.com\/themlpx\/status\/1660592318901272577\/photo\/1\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/twitter.com\/themlpx\/status\/1660592318901272577\/photo\/1\" rel=\"noreferrer noopener nofollow\">From Nansen<\/a><\/strong><\/figcaption><\/figure>\n\n\n\n<h2>Tornado Cash Attacker To Return Power?<\/h2>\n\n\n\n<p>The attacker <a href=\"https:\/\/etherscan.io\/address\/0x1FAd009aD35689B5a9B91486148F2F32AFE31e23#code\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/etherscan.io\/address\/0x1FAd009aD35689B5a9B91486148F2F32AFE31e23#code\" rel=\"noreferrer noopener nofollow\">posted<\/a> a proposal that would seemingly undo the effects of Saturday&#8217;s heist and return power to the governance community. It&#8217;s unclear if the proposal is indeed legitimate or an attempt to prop up the price of TRON which trades above $4 on Monday. <\/p>\n\n\n\n<p>Over 517,000 votes support the proposal set to conclude on May 26 at 2023 11:53:38 GMT.<\/p>\n\n\n\n<p>In other Tornado Cash news, developer Alex Pertsev was <a href=\"https:\/\/en.ethereumworldnews.com\/tornado-cash-alex-pertsev-tweets\/\" data-type=\"URL\" data-id=\"https:\/\/en.ethereumworldnews.com\/tornado-cash-alex-pertsev-tweets\/\" target=\"_blank\" rel=\"noreferrer noopener\">released<\/a> into home arrest in April nine months after Dutch police <a href=\"https:\/\/www.cnbc.com\/2022\/08\/12\/dutch-detain-suspected-developer-of-crypto-mixer-tornado-cash.html\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/www.cnbc.com\/2022\/08\/12\/dutch-detain-suspected-developer-of-crypto-mixer-tornado-cash.html\" rel=\"noreferrer noopener\">detained<\/a> him on money laundering suspicions. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary: The Tornado Cash attacker swapped 483,000 TORN tokens for 360 Ether before sending the ETH back to the Ethereum-based crypto tumbler. Wallets controlled by the exploiter still hold some 125 ETH and 38,300 TORN tokens lifted from the crypto mixer&#8217;s governance contract over the weekend. The transactions come after the attacker hijacked Tornado Cash&#8217;s governance forum through an &#8220;emergencyStop&#8221; function in a malicious proposal. The attacker also submitted a proposal that would seemingly return governance functionality to its original [&hellip;]<\/p>\n","protected":false},"author":55,"featured_media":576888,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[947,108120,2],"tags":[108893,1322,108437],"_links":{"self":[{"href":"https:\/\/en.ethereumworldnews.com\/wp-json\/wp\/v2\/posts\/582363"}],"collection":[{"href":"https:\/\/en.ethereumworldnews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/en.ethereumworldnews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/en.ethereumworldnews.com\/wp-json\/wp\/v2\/users\/55"}],"replies":[{"embeddable":true,"href":"https:\/\/en.ethereumworldnews.com\/wp-json\/wp\/v2\/comments?post=582363"}],"version-history":[{"count":3,"href":"https:\/\/en.ethereumworldnews.com\/wp-json\/wp\/v2\/posts\/582363\/revisions"}],"predecessor-version":[{"id":582368,"href":"https:\/\/en.ethereumworldnews.com\/wp-json\/wp\/v2\/posts\/582363\/revisions\/582368"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/en.ethereumworldnews.com\/wp-json\/wp\/v2\/media\/576888"}],"wp:attachment":[{"href":"https:\/\/en.ethereumworldnews.com\/wp-json\/wp\/v2\/media?parent=582363"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/en.ethereumworldnews.com\/wp-json\/wp\/v2\/categories?post=582363"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/en.ethereumworldnews.com\/wp-json\/wp\/v2\/tags?post=582363"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}