skip to Main Content
bitcoin
Bitcoin (BTC) $ 74,852.05 1.42%
ethereum
Ethereum (ETH) $ 2,814.04 7.42%
tether
Tether (USDT) $ 1.00 0.09%
solana
Solana (SOL) $ 186.94 0.03%
bnb
BNB (BNB) $ 591.47 1.72%
usd-coin
USDC (USDC) $ 1.00 0.00%
xrp
XRP (XRP) $ 0.545078 2.52%
staked-ether
Lido Staked Ether (STETH) $ 2,812.39 7.27%
dogecoin
Dogecoin (DOGE) $ 0.186861 5.46%
tron
TRON (TRX) $ 0.160219 2.02%

Tornado Cash Reportedly Suffers Backend Exploit, User Deposits at Risk

  • Tornado Cash deposits and deposit data is reportedly at risk.

  • A proposal has been made to revert back to a previous version of the protocol’s IPFS deployment.

User deposits on token mixer Tornado Cash are reportedly at risk following the insertion of malicious code in the protocol’s back end, according to a Medium post by community member Gas404.

The post explains that a malicious javascript code was hidden from a two-month-old governance proposal submitted by an alleged Tornado Cash developer on Jan. 1. The code redirects deposit data to a public server hosted by the alleged developer.

The function of the exploit is to leak Tornado Cash deposit data and there is also a function to steal a deposit itself. According to Gas404, one deposit was stolen out of this batch seen on etherscan.

Tornado Cash trading volume nosedived by more than 90% after the U.S. Treasury Department’s Office of Foreign Asset Control (OFAC) sanctioned Tornado Cash in August 2022.

Gas404 has proposed that Tornado Cash should revert to a previous IPFS ContextHash deployment used in a previous version of TornadoCash.

Edited by Stephen Alpher.

Loading data ...
Comparison
View chart compare
View table compare
Back To Top