Tornado Cash Attacker Proposes to Revert Attack

  • On Saturday, the Tornado Cash DAO passed a malicious proposal that allowed an attacker to gain full control over the crypto mixer’s governance system.
  • Hours after the incident, the attacker published a new proposal that, if passed, would return governance control to TORN token holders.

Only a day after gaining full control over Tornado Cash’s governance system, the attacker has published a new proposal to return the mixer’s governance to its DAO, community member Tornadosaurus-Hex highlighted on 21 May.

On Saturday, an attacker was successful in getting the Tornado Cash decentralized autonomous organization (DAO) to pass a malicious proposal that granted him 1.2 million votes, which effectively gave him complete control over the crypto mixer’s governance. Although he had the power to withdraw all of the locked votes, drain all tokens in the governance contract, and brick the router, the attacker “simply withdrew 10,000 votes as TORN and sold it”. Security researcher @samczsun tweeted at the time:

Only hours after the incident, and to everyone’s surprise, the attacker published a new governance proposal that would remove the TORN tokens he gave himself — which provided him with control over the governance — and restore Tornado Cash’s governance to its DAO. The voting for the new proposal will close on 26 May, and considering the attacker has full control over the governance system, it is likely to pass.

Although the Tornado Cash community has no other option but to wait for the attacker’s next move, Tornadosaurus-Hex noted that the new proposal does not appear to be malicious. Community members pointed out on Twitter that the attacker was either trolling with the new proposal, or was trying to pump the price of TORN before cashing out.
