Share this article
Tornado Cash Reportedly Suffers Backend Exploit, User Deposits at Risk
The exploit has the function to steal deposit data and deposited funds.
Updated Mar 8, 2024, 10:10 p.m. Published Feb 26, 2024, 3:08 p.m.
- Tornado Cash deposits and deposit data is reportedly at risk.
- A proposal has been made to revert back to a previous version of the protocol's IPFS deployment.
User deposits on token mixer Tornado Cash are reportedly at risk following the insertion of malicious code in the protocol's back end, according to a Medium post by community member Gas404.
The post explains that a malicious javascript code was hidden from a two-month-old governance proposal submitted by an alleged Tornado Cash developer on Jan. 1. The code redirects deposit data to a public server hosted by the alleged developer.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
The function of the exploit is to leak Tornado Cash deposit data and there is also a function to steal a deposit itself. According to Gas404, one deposit was stolen out of this batch seen on etherscan.
Advertisement
Tornado Cash trading volume nosedived by more than 90% after the U.S. Treasury Department’s Office of Foreign Asset Control (OFAC) sanctioned Tornado Cash in August 2022.
Gas404 has proposed that Tornado Cash should revert to a previous IPFS ContextHash deployment used in a previous version of TornadoCash.
Lebih untuk Anda
More For You
![[C31-7570] daaate](/_next/image?url=https%3A%2F%2Fcdn.sanity.io%2Fimages%2Fs3y3vcno%2Fstaging%2Fb860804181535bcc5d91bae2bed733734be5742d-1920x1080.jpg%3Fauto%3Dformat&w=1080&q=75)
Top Stories
