- TORN price fell more than 40%, dropping from highs of $7.29 to lows of $3.55.
- This is after the Tornado Cash DAO had passed a malicious proposal that included a bug from an attacker.
- With complete control over the Tornado Cash governance system, the attacker proceeded to drain locked votes.
The price of TORN fell sharply as the market reacted to cryptocurrency news about a malicious takeover of the Tornado Cash governance.
In the initial market reaction, TORN price plummeted by nearly 50%, with sellers pushing the token’s value from highs of $7.29 to lows of $3.55. While further losses could still materialize, the token’s value has rebounded to above $4.40 as buyers attempt to keep the bears at bay.
At the time of writing, Tornado Cash is ranked 1,103 by market cap on CoinGecko. It has a market cap of $6.8 million, but has seen a total of $25.7 million worth TORN traded in the past 24 hours.
Attacker maliciously takes over Tornado Cash DAO
The price of Tornado Cash fell after an attacker took over the governance of the Tornado Cash DAO. The compromise happened after the community passed a malicious proposal, which the attacker used to drain funds from the governance treasury.
Tornado Cash is a crypto mixing service that runs on Ethereum. It was sanctioned by the US Treasury in February 2023. The governance system controls upgrades to the protocol and is run by those holding the project’s native TORN tokens.
On May 20, 2023, an attacker purportedly added an extra function to an upgrade passed by TORN holders. This gave the unknown entity an extra 1.2 million votes and effective control of the cryptocurrency’s governance system.
On 2023/05/20 at 07:25:11 UTC, Tornado Cash governance effectively ceased to exist. Through a malicious proposal, an attacker granted themselves 1,200,000 votes. As this is more than the ~700,000 legitimate votes, they now have full control.https://t.co/nY87XmrYgT pic.twitter.com/h9qjc3xRqz
— @samczsun.com (@samczsun) May 20, 2023
As highlighted by a pseudonymous crypto intelligence account Samczsun, control allowed the attacker(s) to withdraw 10,000 votes in TORN tokens. They sold these for $25,600 before draining the remaining amount of locked votes.
In total, 483,000 TORN was taken from the vault. 6,000 TORN was deposited on crypto exchange Bitrue, 379,000 was sold on-chain for $680,000 of ether, and just under 100,000 TORN remains under the attacker’s control.
In the aftermath of the compromise, Binance announced it would be halting TORN deposits until further notice.
Due to circumstances surrounding the protocol, #Binance will temporarily pause $TORN deposits until further notice.
— Binance (@binance) May 21, 2023
Tron founder Justin Sun said TORN deposits and withdrawals on Huobi would remain open. Meanwhile, the Tornado Cash team says its working on a fix for the vulnerability.