Tornado Cash DAO passes attacker’s proposal to hand back control
Tornado Cash governance token holders are set to resume control over the protocol’s operations, following an unexpected proposal by the person who attacked it.
The proposal to hand back control to the original governance holders passed on May 26, with 517,000 token votes in favor and zero against. It will be executed in a day’s time.
This may be a swift ending to a ruthless governance takeover that didn’t affect the protocol — although it could have done — but resulted in the theft of some governance tokens. According to Martin Lee, data journalist at crypto analytics site Nansen, the attacker stole 483,000 TORN tokens and swapped most of them for 485 ETH ($890,000), leaving 39,000 TORN ($160,000). Some of the ether was then routed through Tornado Cash, to obscure its origin.
The attacker took over the protocol’s governance system by managing to get a malicious proposal passed, which contained code giving them 1.2 million votes. They then used these votes to pass further proposals, handing themselves control over governance tokens that had been vested.
Tornado Cash is a mixing service on the Ethereum blockchain. It was sanctioned by the U.S. Treasury in August 2022 under allegations that the protocol was used for money laundering. Alexey Pertsev, one of the protocol’s developers, awaits trial in the Netherlands under allegations of money laundering.