Attacker hijacks Tornado Cash governance via malicious proposal

Adding to the existing roadblocks facing the decentralized crypto mixer Tornado Cash, an attacker managed to gain full control of its governance through a malicious proposal.

On May 20 at 3:25 ET, an attacker successfully granted 1.2 million votes to a malicious proposal. Given that the proposal received more than 700,000 legitimate votes, the attacker gained total control over Tornado Cash governance.

On 2023/05/20 at 07:25:11 UTC, Tornado Cash governance effectively ceased to exist. Through a malicious proposal, an attacker granted themselves 1,200,000 votes. As this is more than the ~700,000 legitimate votes, they now have full control. https://t.co/nY87XmrYgT pic.twitter.com/h9qjc3xRqz

— @samczsun.com (@samczsun) May 20, 2023

The information was shared by @samczsun of research-driven technology investment firm Paradigm, who revealed that, when sharing the malicious proposal, the attacker claimed that it used logic similar to that of a proposal previously passed by the community. However, this time, the proposal had an additional function.

As explained by @samczsun:

“Once the proposal was passed by voters, the attacker simply used the emergencyStop function to update the proposal logic to grant themselves the fake votes.”

Total control over Tornado Cash governance allows the attacker to withdraw all of the locked votes, drain all of the tokens in the governance contract and brick the router. At the time of writing, the attacker “simply withdrew 10,000 votes as TORN and sold it all,” said @samczsun. The attack comes as a reminder to crypto investors to vet proposal descriptions and logic.

An active Tornado Cash community member, who goes by the name Tornadosaurus-Hex or Mr. Tornadosaurus Hex, confirmed that all funds in Governance are potentially compromised and asked all members to withdraw all funds locked in governance.

As shown above, they also attempted to deploy a contract that could potentially revert the changes, while still advising the community to withdraw their funds. Cointelegraph also came across a distress call from one of Tornado Cash’s community developers, who confirmed the above developments, stating:

“There was an attack on the protocol this morning that you already know about. All day, another community developer and I thought about what to do, but the situation is close to hopeless — currently the attacker controls Governance.”

The team is currently in search of Solidity developers that can help save the protocol from extinction. They additionally stated that “we need contact with Binance — this exchange has more tokens than the attacker.”

A former Tornado Cash developer is reportedly working on building a new crypto mixing service from scratch, which addresses the “critical flaw” existing in Tornado Cash.

1/ We fixed @tornadocash 😇

v0 of https://t.co/Nt4b2Tgx1D is live on @optimismFND

test out the demo, but please note:
— this is experimental code
— it has not been audited
— the trusted setup is untrusted

read the full story anon 🧵👇 https://t.co/9nAU3RrgpN

— Ameen Soleimani (@ameensol) March 4, 2023

The developer hopes the solution will empower “the community to defend against hackers abusing the anonymity sets of honest users without requiring blanket regulation or sacrificing on crypto ideals.”
