This is technically way beyond me, but it appears as though a malicious actor has attacked Tornado Cash and taken over governance control. They used a previous proposal but with extra functions in the logic to grant themselves 1.2M votes which was more than required:
https://etherscan.io/address/0xC503893b3e3c0C6b909222b45f2a3a259a52752D
Unfortunately the creator added a selfdestruct function to the contract to delete the bytecode. Ill add a thread with screenshots in the comments.
It looks like individual pools couldnt be exploited, but the governance token pool of $10k in TORN seems to have been drained.
Seems like alot of trouble to go to for $10k of an OFAC-sanctioned protocol, so theres already people theorizing about state actors (Lazarus) behind the attack. Especially considering they apparently mixed the TORN in Tornado Cash afterwards lol.
There are already people working on submitting fixes and forks etc, but wow this is bizarre.
(Tech savants please feel free to add corrections or details in the comments!)
[link] [comments]
You can get bonuses upto $100 FREE BONUS when you:
π° Install these recommended apps:
π² SocialGood - 100% Crypto Back on Everyday Shopping
π² xPortal - The DeFi For The Next Billion
π² CryptoTab Browser - Lightweight, fast, and ready to mine!
π° Register on these recommended exchanges:
π‘ Binanceπ‘ Bitfinexπ‘ Bitmartπ‘ Bittrexπ‘ Bitget
π‘ CoinExπ‘ Crypto.comπ‘ Gate.ioπ‘ Huobiπ‘ Kucoin.
Comments