VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
SlowMist founder Cos tweeted that there is a backdoor code in the Tornado Cash IPFS version frontend that hijacks deposit certificates. A governance attack led to malicious proposals being passed, and the malicious code has been present for about two months. Attack method (per SlowMist): Governance Attack. Reported loss: -.
Primary source
https://gas404.medium.com/tornado-cash-notes-exploit-from-jan-1st-and-the-actions-you-must-take-6076748bc886 ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Tornado Cash
- bug_class
- governance
- date_occurred
- 2024-02-25
- loss_usd
- —
- source_id
- sm:tornado-cash::2024-02-25
Related — same bug class· governance