Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
At 15:25 on May 20, Tornado Cash suffered a governance attack. The attacker granted himself 1.2 million votes through a malicious proposal, exceeding the number of legitimate votes (about 700,000), and gained full governance control. The attacker could withdraw all locked votes, drain all tokens in the governance contract, and disable routers, though the attacker would still not be able to drain individual pools. In total, the attacker obtained 483,000 TORN from governance vaults. Attack method (per SlowMist): Governance Attack. Reported loss: $2,173,500.
- chain: —
- protocol: Tornado Cash
- bug_class: governance
- date_occurred: 2023-05-20
- loss_usd: $2,173,500
- source_id: sm:tornado-cash::2023-05-20