Companies & Deals
Share
Tornado Cash, an open-source and fully decentralized cryptocurrency tumbler operating on Ethereum-based networks, has fallen victim to a hostile takeover. Through a malicious proposal, the attacker seized complete control of the project's governance system, accumulating 1.2 million fraudulent votes, surpassing the legitimate vote count of 700,000.
The attacker deceptively presented their proposal as similar to a successful one from the past. However, unbeknownst to the community, the proposal contained an additional function that allowed for the generation of fake votes.
By exploiting the emergencyStop function, the attacker quickly manipulated the proposal logic, gaining control over Tornado Cash's governance. This newfound authority empowers the attacker to withdraw locked votes, drain tokens from the governance contract, and potentially disrupt the router's functionality. To capitalize on their control, the attacker promptly sold 10,000 votes in TORN tokens and it is clear that they are able to drain all ETH from the pool as well.
Disclaimer of Warranty
The information provided in this article is for general informational purposes only. We make no warranties about the completeness, reliability, and accuracy of this information. Read full disclaimer
Community members have urged participants to withdraw their locked funds. Despite efforts to deploy a contract to reverse the changes, the attacker currently maintains governance control, posing significant challenges for the project.
To mitigate the damage, the Tornado Cash team is actively seeking Solidity developers and aims to engage with Binance. The exchange holds a substantial number of tokens that could potentially aid in countering the attack.
It is important to note that Tornado Cash faced substantial obstacles in the past when the United States Department of the Treasury blacklisted the service in August 2022. Consequently, the use of Tornado Cash became illegal for US citizens, residents, and companies. The project's web domain and GitHub accounts were shut down, and one of the developers was arrested.
Tornado Cash provides a privacy-enhancing tool on Ethereum-based networks. As an open-source, non-custodial, and fully decentralized cryptocurrency tumbler, it mixes potentially identifiable or "tainted" cryptocurrency funds with others to obscure the original source. This service addresses the need for privacy in EVM networks, where transactions are publicly visible by default.
Related Articles
Companies & Deals
Stripe’s Reported PayPal Interest: A Signal of Payments Consolidation With Stablecoins in Focus?
Companies & Deals
Riot Platforms Faces Investor Pressure to Accelerate AI Infrastructure Expansion
Companies & Deals
German Financial Innovation: Stuttgart Stock Exchange Merges with Tradias in €500M Deal
Editor's Picks
UAE Stablecoins: Why They Are Built to Travel, Not Stay Local
Walid Abou Zaki
Feb 28, 2026
8 min
The Central Bank of the UAE Clearing the Noise Around Article 62
Walid Abou Zaki
Feb 25, 2026
5 min
Europe’s Crypto Purge: Did Lithuania Just Kick Out Innovation — and is the UAE the Beneficiary?
Salma Naueihed
Feb 18, 2026
7 min
Read More Articles
In the Same Space
JPMorgan Sued Over $328M Crypto Ponzi Scheme
News Desk
Mar 17, 2026
3 min
Bithumb Hit With $24M Fine, Partial Suspension in Korea
News Desk
Mar 17, 2026
2 min
Georgia Signals Stablecoin Shift as NBG Builds on VASP Framework
Walid Abou Zaki
Mar 17, 2026
4 min
US, UK, Canada Launch Operation Atlantic to Combat Crypto Fraud
News Desk
Mar 17, 2026
3 min
