Finance
Поделиться этой статьей

Tornado Cash Reportedly Suffers Backend Exploit, User Deposits at Risk

The exploit has the function to steal deposit data and deposited funds.

Автор Oliver Knight|Редактор Stephen Alpher
Обновлено 8 мар. 2024 г., 10:10 p.m. Опубликовано 26 февр. 2024 г., 3:08 p.m. Переведено ИИ
Tornado Cash website and Discord taken offline (Nikolas Noonan/Unsplash)
Tornado Cash hit by backend exploit (Nikolas Noonan/Unsplash)
  • Tornado Cash deposits and deposit data is reportedly at risk.
  • A proposal has been made to revert back to a previous version of the protocol's IPFS deployment.

User deposits on token mixer Tornado Cash are reportedly at risk following the insertion of malicious code in the protocol's back end, according to a Medium post by community member Gas404.

The post explains that a malicious javascript code was hidden from a two-month-old governance proposal submitted by an alleged Tornado Cash developer on Jan. 1. The code redirects deposit data to a public server hosted by the alleged developer.

STORY CONTINUES BELOW
Не пропустите другую историю.Подпишитесь на рассылку Crypto Daybook Americas сегодня. Просмотреть все рассылки
Подписавшись, вы будете получать электронные письма о продуктах CoinDesk и соглашаетесь с нашим правила пользования и политика конфиденциальности.

The function of the exploit is to leak Tornado Cash deposit data and there is also a function to steal a deposit itself. According to Gas404, one deposit was stolen out of this batch seen on etherscan.

Tornado Cash trading volume nosedived by more than 90% after the U.S. Treasury Department’s Office of Foreign Asset Control (OFAC) sanctioned Tornado Cash in August 2022.

Gas404 has proposed that Tornado Cash should revert to a previous IPFS ContextHash deployment used in a previous version of TornadoCash.

Tornado CashExploitHack

More For You

Protocol Research: GoPlus Security

By CoinDesk Research
Nov 14, 2025
Commissioned byGoPlus
GP Basic Image

What to know:

  • As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
  • GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
  • Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
View Full Report

More For You

Cascade Unveils 24/7 Neo-Brokerage Offering Perpetuals on Cryptos, U.S. Stocks

By Will Canny, AI Boost|Edited by Sheldon Reback
29 minutes ago
Computer monitors and a laptop screen show trading charts on a desk overlooking an expanse of water at sunset. (sergeitokmakov/Pixabay, modified by CoinDesk)

The platform will let retail traders use one margin account to trade round-the-clock perpetual markets.

What to know:

  • Cascade has introduced a 24/7 brokerage-style app for perpetual markets spanning crypto, U.S. equities and private-asset exposure.
  • The firm is pitching a single, unified margin account with direct-to-bank U.S. dollar capability for deposits and withdrawals.
  • The company has raised $15 million from investors including Polychain Capital, Variant and Coinbase Ventures.

Read full story