Just days after taking over the project’s governance, the Tornado Cash attacker has submitted a new proposal to revert the damage they've caused.

On May 18, the Tornado Cash DAO accidentally voted in the malicious proposal after failing to properly audit its contents.

Tornado Cash is a privacy-preserving mixer on the Ethereum network.

The attacker was then able to grant themselves 1.2 million TORN tokens, giving them control over the DAO. They then swapped 380,000 of the newly-gotten TORN tokens for 372 ETH and ran it back through the privacy protocol.

A DAO, or decentralized autonomous organization, is a way for a project to organize itself without the need for a specific company or individual to be in power. Governance tokens—such as Tornado Cash's TORN token—are distributed to the community to make and vote on various proposals for the project in question.

The proposal had nothing to do with handing over tokens to any members. Instead, it asked community members to vote for or against increasing the amount of staked TORN tokens needed to become a Tornado Cash relayer and penalize relayers attempting to avoid having their stake slashed.

The attacker claimed to have the same logic as an earlier proposal that had already been passed.

However, the malicious proposal added a self-destruct function which, once used, replaced the original proposal with a new, malicious one.


"Self destruction is, as one can imagine, one of the scariest things one can casually add as an extra function," a smart contract engineer at Immunefi Gonçalo Magalhães told Decrypt. "Changing the logic of a contract provides endless possibilities."

With the malicious proposal now in place, the attacker was able to withdraw all locked governance votes and drain all the tokens from the governance contract.

"In summary, the attacker drained the TRON tokens from the governance vault meaning they then had all the voting power," a spokesperson for security firm PeckShield told Decrypt. "They then swapped part of the stolen TORN for ETH and deposited it into the Tornado Cash protocol."

Shortly after the proposal was revealed to be malicious, another proposal was made to revert the changes.

"Because the attacker now has a majority of voting power, governance mechanisms are essentially meaningless," Magalhães said.

The attacker also submitted another new proposal that would return the TORN tokens they had given themself.  After swapping 380,000 TORN for ETH, the attacker still holds 820,000 TORN tokens, which means they still have total control over the DAO.

Twitter user 0xdeadf4ce has suggested, however, that this could all be a "gigatroll," saying the new proposal to revert the changes was simply a means to boost the token’s price.


How do DAOs stay safe?

This sparked debate online about DAO proposals not being properly audited, if at all.

"This is not the first case of governance attack this year," Snapshot’s head of growth Nathan van der Heyden told Decrypt. "The Beanstalk governance attack is one of the biggest hacks of the year, and this Tornado one is probably one of the most high-profile."

In this case, the proposal was well-crafted to be non-descript and unsuspecting.

Many, if not all, voters would have simply cast their vote without diving deeper into the contract's code.

"Auditing all critical processes is certainly a good measure, but we don’t see it often being implemented," Immunefi's Magalhães told Decrypt. "It is hard already to see comprehensive audits being done on all smart contract proxy upgrades."

A spokesperson at PeckShield confirmed that the company receives proposal audit requests and that they "believe a lot of famous protocols have their proposals audited."

PeckShield declined to reveal who pays for proposal security audits or what projects opt to audit their proposals.

But what’s a DAO to do?


"DAOs should encourage the active review of proposals and participation from holders. Essentially, malicious code like this should not go unnoticed by all DAO members," Magalhães said. "An individual voter should have a deep understanding of whatever they are voting for. On-chain proposals, though digital, are definitely real, and have real consequences."

While this attack was crafty, anyone with a keen eye reviewing the code should have seen the self-destruct function. "A self-destruction function in a contract should have fired all headquarter sirens,” he said.

This attack should act as a learning lesson, albeit an expensive one, for DAOs and their members to prevent yet another governance attack from happening this year.

"We need generalized onchain governance frameworks that allow these exploits to be teaching moments to the community that then adapts their own frameworks to this new knowledge," van der Heyden said, "If we don’t learn collectively, then we’re forced to repeat similar mistakes individually."

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.