Share this article
Attacker Takes Over Tornado Cash DAO With Vote Fraud, Token Slumps 40%
A malicious proposal allowed an unidentified attacker to take over Tornado Cash, opening up the floodgates to a potential treasury drain.
Updated May 22, 2023, 7:24 p.m. Published May 21, 2023, 8:19 a.m.
The DAO handling operations, funds and future plans of privacy-focused crypto mixer Tornado Cash was effectively taken over by an unidentified attacker, or group of attackers, on Saturday.
DAOs, short for decentralized autonomous organizations, allow token holders to lock up their holdings as votes for proposing changes to a project. These changes can range from deploying treasury funds to purposes that benefit the project to expansion on other networks.
STORY CONTINUES BELOW
At the start of the weekend, the attacker floated a malicious proposal that hid a code function that granted them fake votes that can now be used to handle some aspects of Tornado Cash, such as torn (TORN) tokens held in the main governance contract or withdrawal of locked torn tokens.
This was done by putting forth a proposal that imitated an earlier version – except with some malicious code that allowed for the update of logic that gave the attacker access to all governance votes.
“Now that they have all the votes, they can do whatever they want,” security research @samczsun tweeted on Sunday. “In this case, they simply withdrew 10,000 votes as TORN and sold it all.”
Now that they have all the votes, they can do whatever they want. In this case, they simply withdrew 10,000 votes as TORN and sold it allhttps://t.co/XxYezHusK6 pic.twitter.com/qOefI65SLk
— @samczsun.com (@samczsun) May 20, 2023
As such, this attack does not impact the actual Tornado Cash protocol – which allows users to pass funds through the service to mask or obscure the movements of funds and crypto addresses. This attack was not an exploit of any smart contracts or technology related to the working of Tornado Cash.
Meanwhile, the Tornado Cash community has put up newer proposals that seek to revert changes made to the code. One community member observed that the attacker had maliciously minted over 1 million torn for themselves, worth over $4 million at current prices.
Others suggested making a new contract altogether and airdropping new tokens to holders.
Torn prices slumped as much as 40% in the past 24 hours as a result of the governance attack, data shows.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Solana’s Drift Launches v3, With 10x Faster Trades
With v3, the team says that about 85% of market orders will fill in under half a second, and liquidity will deepen enough to bring slippage on larger trades down to around 0.02%.
What to know:
- Drift, one of the largest perpetuals trading platforms on Solana, has launched Drift v3, a major upgrade meant to make on-chain trading feel as fast and smooth as using a centralized exchange.
- The new version will deliver 10-times faster trade execution thanks to a rebuilt backend, marking the largest performance jump the project has made so far.
Top Stories
