Tornado Cash Attack Drains $2 Million Worth of TORN Tokens, Price Dropped by Over 50%

The price of TORN, the native token of the Tornado Cash privacy protocol, plummeted by more than 50% on May 20 after an attacker exploited a vulnerability in the protocol’s governance contract to drain over $2 million worth of TORN tokens.

The attacker was able to exploit the vulnerability by submitting a malicious proposal to the Tornado Cash governance contract that allowed them to withdraw all of the TORN tokens that had been staked in the contract.

On 2023/05/20 at 07:25:11 UTC, Tornado Cash governance effectively ceased to exist. Through a malicious proposal, an attacker granted themselves 1,200,000 votes. As this is more than the ~700,000 legitimate votes, they now have full control.https://t.co/nY87XmrYgT pic.twitter.com/h9qjc3xRqz

— samczsun (@samczsun) May 20, 2023

The Tornado Cash team has since patched the vulnerability and is working to recover the stolen TORN tokens. However, it is unclear if all of the stolen tokens will be able to be recovered.

The attack on Tornado Cash is a reminder of the risks associated with using decentralized finance (DeFi) protocols. DeFi protocols are often complex and can be vulnerable to attack. Investors should carefully research DeFi protocols before using them and should only invest funds that they can afford to lose.

TagsCryptoTORN