Key Points:
Decentralized autonomous organizations (DAOs) allow token holders to lock up their holdings as votes to propose changes to a project. These changes can range from deploying treasury funds to purposes that benefit the project to expansion on other networks.
The attacker floated a malicious proposal that hid a code function to grant them fake votes that can now be used to handle some aspects of Tornado Cash, such as torn (TORN) tokens held in the main governance contract or withdrawal of locked torn tokens. This was done by putting forth a proposal that imitated an earlier version, except with some malicious code that allowed for the update of logic, giving the attacker access to all governance votes.
As a result, the attacker now has all votes, which means that they have complete control over the DAO. Security researcher @samczsun tweeted on Sunday that “Now that they have all the votes, they can do whatever they want. In this case, they simply withdrew 10,000 votes as TORN and sold it all.” This is a serious issue that puts the future plans of the Tornado Cash DAO at risk.
However, it is important to note that this attack does not impact the actual Tornado Cash protocol. The protocol allows users to pass funds through the service to mask or obscure the movements of funds and crypto addresses. This attack was not an exploit of any smart contracts or technology related to the working of Tornado Cash.
Tornado Cash community has put up newer proposals seeking to revert changes made to the code. One community member observed that the attacker had maliciously minted over 1 million torn for themselves, worth over $4 million at current prices. Despite this, the community is determined to keep the Tornado Cash project going and is taking steps to ensure that such an attack does not happen again in the future.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Annie
Coincu News
The hype around PropiChain’s token presale is due to its innovative integration of NFTs and…
UK pension fund Cartwright advised the country's first defined benefit pension fund to allocate 3%…
a16z and Coinbase have pledged substantial funds to crypto PAC Fairshake, aiming to support crypto-friendly…
Bitcoin (BTC), Ethereum (ETH), and Solana (SOL) dominate the crypto market, but experts warn that…
Discover the future as the Dogecoin price aims for a $0.7 comeback and discover why…
Willemstad, Curaçao, 4th November 2024, Chainwire
This website uses cookies.