A member of the Tornado Cash community named Tornadosaurus-Hex announced on the forum that the attackers behind the recent breach had submitted a new proposal to restore governance.
The proposal, if approved, could allow an attacker to regain control of the DAO governance of the Tornado Cash protocol.
Tornadosaurus-Hex revealed that the malicious proposal included resetting its locked Balance-s, effectively reducing them to zero.
By doing this, attackers aim to remove the malicious code they integrated into the protocol. This move will effectively return the governance rights of Tornado Cash to token holders.
Tornadosaurus-Hex recognizes the seriousness of the situation, emphasizing the need for someone (possibly themselves) to make a counter-proposal to update the governance contract.
They assured the community that they are ready to fix the logic, but need to verify the storage layout to ensure that the proxy upgrade does not compromise the contract.
Given that the attacker owns TORN governance tokens, the proposal is likely to pass when voting closes on May 26. However, the exact timing of the action remains unclear. Once the proposal is approved, the malicious code integrated by the attackers, enabling them to steal voting power from others, will be eliminated, restoring governance control of Tornado Cash’s DAO to token holders.
The Tornado Cash community now finds itself at a pivotal moment, with decisions on this proposal that will shape the future of the protocol.
Token holders must thoroughly evaluate the potential consequences and implications of an attacker’s proposal and determine the best course of action for the overall security and integrity of Tornado Cash.
While the community awaits the outcome of the vote, the proposal has implications beyond Tornado Cash’s immediate focus. It raises broader questions about the governance and security of decentralized protocols, emphasizing the need for robust mechanisms to guard against potential attacks and ensure continued trust from users.
The reaction of the Tornado Cash community and other stakeholders in the decentralized finance (DeFi) ecosystem will undoubtedly play an important role in determining the path forward.
The incident serves as a reminder of the challenges DeFi platforms face in maintaining the delicate balance between openness and security, and the importance of constant vigilance in the face of evolving threats.
The Tornado Cash team has yet to issue an official statement on the attacker’s proposal, but they are expected to address the issue quickly.
At the same time, the community must come together for thoughtful discussion and active engagement to safeguard the future of the protocol and uphold the principles of decentralized governance.
Only time will tell how this intricacies will unfold and the impact it will have on Tornado Cash and the wider DeFi landscape.