On May 22, the TornadoCash hacker deployed a new proposal that will seemingly restore the DAO’s state of Governance. According to Twitter user @0xdface, everyone will know the results on May 26, 2023, 11:53:38 GMT, “plus potentially 6 hours delay if some last minute changes in lead occur.” At the time of writing, there are over 500,000 votes in favor of the proposal.
However, the cryptocurrency community is wary of the proposal. Some have posited that the proposal may be a ploy to pump TORN so that the hacker could dump more tokens at a better price. @0xdface themselves presented that the proposal could either be a form of trolling or “an expensive but not disastrous lesson in Governance security.”
TornadoCash attacker deployed new proposal that, if executed, would seemingly revert the damage done to the Governance functionality. Either they're giga trolling or it will end up being an expensive but not disastrous lesson in Governance security.https://t.co/QMWYFsi8kP
— 0xdeadf4ce (@0xdface) May 21, 2023
I mean note that we don’t even have a choice in regards to this proposal but it is still important nonetheless.
Previously, Tornadosaurus-Hex also attempted to restore the DAO after the attack. Hex proposed a solution to directly revert the changes that the attacker made to the contract. However, Hex warned that whoever proposes the solution risks their TORN becoming rugged, but if executed correctly, it could potentially save the protocol.
On May 20, a malicious user attacked the TornadoCash governance through a malicious proposal. The proposal granted the attacker 1.2M votes compared to the 700,000 legitimate votes in the DAO. Afterward, the attacker obtained 483,000 TORN, deposited 6,000 TORN into Bitrue, sold 379,300 TORN, and exchanged it for 375 ETH worth $680,000 at the time.
The Tornado Cash attacker obtained a total of 483,000 TORN from the Tornado Cash governance vault, and has deposited 6,000 TORN into Bitrue; sold 379,300 TORN on the chain and exchanged it for 375 ETH (about 680,000 U.S. dollars). The price is US$1.8; there are still 97,700 TORNs…
— Wu Blockchain (@WuBlockchain) May 21, 2023
The attacker allegedly snuck in an extra function when they created their malicious proposal. The proposal used the same logic as a previous proposal that voters approved, and once the new proposal was approved by voters, the attack used the emergencyStop function to update the proposal logic in order to grant themselves the fake votes.