March 27, 2024
Tornado Cash Faces Backend Exploit, Deposit Risk
Latest Cryptocurrency News

Tornado Cash Faces Backend Exploit, Deposit Risk

User funds on the token mixer Tornado Cash are reportedly in jeopardy due to the insertion of malicious code in the protocol’s back end, as outlined in a Medium post by Gas404, a community member. The post discloses the finding of hidden malicious JavaScript code in a governance proposal from January 1. This code reroutes deposit data to a public server hosted by the supposed developer.

The exploit’s primary function is to expose Tornado Cash deposit data, and it includes a mechanism to pilfer a deposit. According to Gas404, at least one deposit has been stolen based on the batch observed on Etherscan.

Tornado Cash has faced a significant setback as its trading volume plummeted by over 90% after the U.S. Treasury Department’s Office of Foreign Asset Control (OFAC) sanctioned the platform in August 2022.

In response to this security breach, Gas404 has proposed a solution, suggesting that Tornado Cash should revert to a prior IPFS ContextHash deployment utilized in a previous version of the protocol. The situation underscores the ongoing challenges and risks associated with decentralized platforms, urging the need for robust security measures to safeguard user assets.

Image by rorozoa on Freepik

Related posts

Ledger Connect Exploit: DApps Issue Warnings as DeFi Protocols Act

Anna Garcia

MicroStrategy’s X Account Hacked: Ethereum Scam

Anna Garcia

Digital Energy Council by Crypto Miners to Drive Advocacy in Washington

Kevin Wilson

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More