Attacker Hijacks Tornado Funds Management Via Malicious Proposal


The information was shared by @samczsun of a research-based technology investment firm, who revealed that when putting forward the malicious proposal, the attacker claimed it used reasoning similar to that of a proposal the community had previously passed. This time, however, the proposal contained an additional function.

As explained by @samczsun:

Taking full control of Tornado Cash governance allows an attacker to pull all locked votes, drain all tokens in governance nodes and destroy the router. At the time of writing, the attacker “simply pulled 10,000 votes in the name of TORN and sold them all,” @samczsun said.

The attack serves as a reminder for cryptocurrency investors to examine proposal descriptions and reasoning. An active Tornado Cash community member, named Tornadosaurus-Hex or Mr. Tornadosaurus Hex, has confirmed that all funds in governance are at risk and has asked all members to withdraw all funds credited in governance.

As described above, they have also attempted to publish a contract that will likely reflect the changes while still suggesting that the community withdraw its funds. Cointelegraph also received a distress call from a Tornado Cash community developer who confirmed the above developments, saying:

The team is currently looking for Solidity developers who can help save the protocol from extinction. They also stated that “we need to contact Binance – this exchange has more tokens than the attacker.”

The developer hopes the solution will enable “the community to defend against hackers who abuse the anonymization blocks of honest users without the need for end-to-end regulation or sacrificing the likes of cryptography.”

