Only a day after gaining full control over Tornado Cash’s governance system, the attacker has published a new proposal to return the mixer’s governance to its DAO, community member Tornadosaurus-Hex highlighted on 21 May.
On Saturday, an attacker succeeded in getting the Tornado Cash decentralized autonomous organization (DAO) to pass a malicious proposal that granted him 1.2 million votes, effectively giving him complete control over the crypto mixer’s governance. Although he had the power to withdraw all of the locked votes, drain all tokens in the governance contract, and brick the router, the attacker “simply withdrew 10,000 votes as TORN and sold it”. Security researcher @samczsun tweeted at the time:
Only hours after the incident, and to everyone’s surprise, the attacker published a new governance proposal that would remove the TORN tokens he gave himself — which provided him with control over the governance — and restore Tornado Cash’s governance to its DAO. The voting for the new proposal will close on 26 May, and considering the attacker has full control over the governance system, it is likely to pass.
Although the Tornado Cash community has no other option but to wait for the attacker’s next move, Tornadosaurus-Hex noted that the new proposal does not appear to be malicious. Community members pointed out on Twitter that the attacker was either trolling with the new proposal or trying to pump the price of TORN before cashing out.