Tornado Cash Hacker Initiates Moving Stolen Funds

Tornado Cash Governance

According to blockchain records, the perpetrator of the takeover of Tornado Cash DAO has begun moving the stolen tokens. Etherscan data reveals that on Wednesday night, an attacker-affiliated address transferred 100 ether (ETH) and 38,000 torn (TORN) tokens in two transactions utilizing the Tornado Cash protocol.

On Saturday, an unknown attacker or attackers took control of the decentralized autonomous organization (DAO) responsible for the privacy-focused crypto mixer’s operations, money, and future goals. The attacker has more than twenty ether ($35,684) in their wallet and still have access to all of Tornado Cash’s reserves.

A fraudulent proposal was put up by the attacker, concealing a code function that would allow them bogus votes that could be used to manage certain parts of the cryptocurrency mixer, such as torn tokens kept in the main governance contract or the withdrawal of locked torn tokens.

Hacker Uses Tornado Cash Itself

Token holders in decentralized autonomous organizations (DAOs) may stake their assets to cast votes on proposed project improvements. Alterations may include anything from re-directing project funding to more productive uses to branching out into other networks.

The Tornado Cash protocol itself, which lets customers route transactions via the service in order to conceal the origins and destinations of their cryptocurrency assets, is unaffected by the assault. None of the smart contracts or underlying technologies used in the operation of the crypto mixer were compromised in this assault.

That’s why Tornado Cash isn’t completely doomed just yet. This week, the attacker suggested rolling back any malicious alterations made before the takeover, driving up TORN costs by 10%. Its irony to notice the hacker utilizing the same Tornado mixer to get away with the stolen funds from the same organization. Tornado Cash was previously under scrutiny by U.S authorities over its capabilities and how hackers use it to get away without being traced.

Naseem Sheikh