Business Maverick

Business Maverick

Sanctioned crypto mixer Tornado Cash hijacked by hackers

Sanctioned crypto mixer Tornado Cash hijacked by hackers
A person types on a backlit keyboard. Ransomware attacks on industrial firms increased by 87% in 2022. (Photo: Chris Ratcliffe/Bloomberg)

Tornado Cash, a service that allows users to mask cryptocurrency transactions, suffered a hostile takeover by hackers through a malicious governance proposal.

Samczsun, a security researcher at crypto investment firm Paradigm, said on Twitter that an attacker granted themselves 1.2 million fake votes on Saturday. As the fake votes exceeded the 700,000 legitimate votes, it allowed the attacker to gain full control over the governance of Tornado Cash.

Tornado Cash couldn’t immediately be reached for comment via Twitter.

On 2023/05/20 at 07:25:11 UTC, Tornado Cash governance effectively ceased to exist. Through a malicious proposal, an attacker granted themselves 1,200,000 votes. As this is more than the ~700,000 legitimate votes, they now have full control.

— (@samczsun) May 20, 2023

Tornado Cash is a blockchain protocol and TORN, its governance token, enables holders to vote on proposed changes in the service.

“Now that they have all the votes, they can do whatever they want. In this case, they simply withdrew 10,000 votes as TORN and sold it all,” Samczsun said in a tweet.

Soon after the news of the exploit, crypto exchange Binance said that it will temporarily pause deposits of TORN. The token steadied on Monday in Asia after sliding on Sunday. Its price is down by over a third to about $4.56 compared with an intraday high on Saturday, according to CoinGecko data. 

Tornado Cash is allegedly the preferred tool for hackers and criminals to launder stolen or illicit funds. Data from Dune Analytics showed over $8-billion had been sent through Tornado Cash since the service started in 2019.

The US Treasury Department imposed sanctions on Tornado Cash in August after saying the service was used by North Korean hackers to launder illicit gains. North Korea’s Lazarus Group laundered about $450 million through the service, a Treasury official said then. DM


Comments - Please in order to comment.

Please peer review 3 community comments before your comment can be posted

A South African Hero: You

There’s a 99.8% chance that this isn’t for you. Only 0.2% of our readers have responded to this call for action.

Those 0.2% of our readers are our hidden heroes, who are fuelling our work and impacting the lives of every South African in doing so. They’re the people who contribute to keep Daily Maverick free for all, including you.

The equation is quite simple: the more members we have, the more reporting and investigations we can do, and the greater the impact on the country.

Be part of that 0.2%. Be a Maverick. Be a Maverick Insider.

Support Daily Maverick→
Payment options