Rob Behnke
May 23rd, 2023
In May 2023, Tornado Cash suffered a governance attack. The attacker managed to gain complete governance control over the protocol and was able to drain 483,000 TORN (worth about $2,173,500) from governance vaults.
Tornado Cash has a decentralized governance system in which participants can submit proposals, and the community votes for them. If a proposal receives a sufficient number of votes, it goes into effect.
The Tornado Cash exploiter manipulated this system by generating a malicious proposal that allegedly implemented the same logic as an earlier, legitimate proposal. However, this version of the proposal included malicious self-destruct logic that would allow new, malicious code to be deployed to the proposal’s address after it self-destructed.
This additional, malicious functionality was overlooked by many users, who voted for the proposal, causing it to be enacted. The attacker then self-destructed the proposal and modified its code. Once the malicious proposal was executed (via delegate call), 10,000 governance tokens were assigned to each address controlled by the attacker for a total of 1.2 million votes.
With this many votes, the attacker had complete control over the Tornado Cash governance system since only about 70,000 legitimate votes existed.
With control over Tornado Cash, the attacker could take various malicious actions, including stealing governance tokens and locked votes and performing a DoS attack on the Tornado router. In the end, the attacker stole about $2,173,500 from the protocol.
The Tornado Cash exploit relied on the fact that voters would vote for the original, malicious proposal. The malicious proposal claimed to be identical to an earlier, approved version, and voters trusted and approved it. However, the malicious self-destruct functionality allowed the attacker to deploy malicious code to the proposal contract.
This attack underscores the importance of knowing what you are voting for in decentralized governance proposals. A deceitful description cost the protocol about $2,173,500.