Samczsun, a security researcher at crypto investment firm Paradigm, said on Twitter that an attacker granted themselves 1.2 million fake votes on Saturday. As the fake votes exceeded the 700,000 legitimate votes, it allowed the attacker to gain full control over the governance of Tornado Cash.

Tornado Cash couldn’t immediately be reached for comment via Twitter.

On 2023/05/20 at 07:25:11 UTC, Tornado Cash governance effectively ceased to exist. Through a malicious proposal, an attacker granted themselves 1,200,000 votes. As this is more than the ~700,000 legitimate votes, they now have full control.https://t.co/nY87XmrYgT pic.twitter.com/h9qjc3xRqz

— @samczsun.com (@samczsun) May 20, 2023

Tornado Cash is a blockchain protocol and TORN, its governance token, enables holders to vote on proposed changes in the service.

“Now that they have all the votes, they can do whatever they want. In this case, they simply withdrew 10,000 votes as TORN and sold it all,” Samczsun said in a tweet.

Soon after the news of the exploit, crypto exchange Binance said that it will temporarily pause deposits of TORN. The token steadied on Monday in Asia after sliding on Sunday. Its price is down by over a third to about $4.56 compared with an intraday high on Saturday, according to CoinGecko data. 

Tornado Cash is allegedly the preferred tool for hackers and criminals to launder stolen or illicit funds. Data from Dune Analytics showed over $8-billion had been sent through Tornado Cash since the service started in 2019.

The US Treasury Department imposed sanctions on Tornado Cash in August after saying the service was used by North Korean hackers to launder illicit gains. North Korea’s Lazarus Group laundered about $450 million through the service, a Treasury official said then. DM