- The exploiter injected malicious code granting him fake votes, which he used to withdraw tokens
- He promised to restore the state of governance today
- Tornado Cash token TORN is up 5%
An unidentified attacker or group of assailants took over the DAO handling the funds, operations, and projects of privacy mixer Tornado Cash on May 20.
The exploiter injected malicious code, hiding a key function and granting him fake votes, which he could use to withdraw locked Tornado Cash (TORN) tokens in the main governance contract. CoinDesk reported that the attacker had proposed to reverse the malicious changes.
Attacker “likely” to remove malicious code
According to members of the Tornado Cash community, the attacker is likely to make good on his promise to restore the state of governance. They report that he was reversing the TORN tokens he took back to zero. These tokens had given him a majority governance vote.
Considering how many TORN governance tokens he holds, it seems like his proposal will be passed when voting closes this Friday. However, it’s uncertain when he will perform this action. After the proposal is approved, the malicious code he injected into the privacy protocol will be removed. Then, legitimate token holders will reclaim governance of Tornado Cash’s DAO.
Insiders suspect price manipulation
Immediately after the news broke, TORN gained 10%. At the time of writing, it was trading for $4.61 and its gains in the last 24 hours were 5.18%, according to CoinMarketCap data.
TORN community members suggested the attacker’s purpose was to temporarily reduce the price of the token so he could increase the value of his holdings.
Structural attacks on DeFi protocols and DAOs are different from those where the attacker destroys code rather than exploiting it. In this case, the attacker was probably relying on the fact that the US Treasury designated Tornado Cash as a sanctioned entity in November last year.
In April 2022, Tornado Cash announced it had integrated a compliance tool developed by Chainalysis to block crypto wallets sanctioned by OFAC.