Skip to content

Hackers take over Tornado Cash DAO; then submit a proposal for reversal

  • by
  • 2 min read

Photo by Morrowind/

In a significant blow to privacy-focused crypto mixer Tornado Cash, the Decentralised Autonomous Organisation (DAO) responsible for managing its operations, funds, and future plans fell victim to a cyber attack on Saturday. However, in a bizarre turn of events, later the hackers submitted a proposal to restore the TORN tokens that they stole thereby restoring the state of governance.

It is not yet known whether this was a solo act or if was there any group behind these attacks. The hackers successfully took control of the DAO. DAOs allow holders to use their holdings as votes for proposing changes to a project. However, in this case, the attacker introduced a malicious proposal that contained hidden code. This code granted the attacker fraudulent votes, providing them with control over certain aspects of Tornado Cash, including the governance contract and the ability to withdraw locked TORN tokens.

By imitating an earlier proposal with subtle modifications, the attacker was able to update the logic and gain access to all governance votes. Consequently, they possessed the authority to manipulate the DAO’s decisions. As of now, the attackers withdrew 10,000 TORN votes and sold them.

It’s important to note that this attack does not impact the functionality or integrity of the Tornado Cash protocol itself. The protocol enables the users to anonymize their funds and obscure transaction details, ensuring privacy in cryptocurrency transactions. The attack targeted the governance aspect of the project rather than exploiting any smart contracts or technology related to the core functionality.

The Tornado Cash community responded swiftly and introduced proposals to revert the changes made by the attackers. However, the damage was massive as the attackers had maliciously minted over 1 million TORN tokens which is equivalent to over $ 4 million at current market prices leading to TORN’s token value plunging by as much as 40%.

On May 22, however, the attackers had a sudden change of heart, and they proposed to revert the governance back to token holders. It is still unclear what their true intentions are and how will things proceed further.

In the News: Three WebKit vulnerabilities are under active exploitation: Apple

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: