The price of TORN, the native token of the Tornado Cash privacy protocol, plummeted by more than 50% on May 20 after an attacker exploited a vulnerability in the protocol’s governance contract to drain over $2 million worth of TORN tokens.

The attacker was able to exploit the vulnerability by submitting a malicious proposal to the Tornado Cash governance contract that allowed them to withdraw all of the TORN tokens that had been staked in the contract.

The Tornado Cash team has since patched the vulnerability and is working to recover the stolen TORN tokens. However, it is unclear if all of the stolen tokens will be able to be recovered.

The attack on Tornado Cash is a reminder of the risks associated with using decentralized finance (DeFi) protocols. DeFi protocols are often complex and can be vulnerable to attack. Investors should carefully research DeFi protocols before using them and should only invest funds that they can afford to lose.