Tornado Cash Hit by Backend Exploit, Puts User Deposits at Risk

By: Isha Das

Crypto privacy protocol, Tornado Cash, reportedly experienced a significant backend exploit, endangering user deposits and sensitive information. This security breach, disclosed by community member Gas404, signals a major vulnerability for Tornado Cash, already dealing with trade volume fallout from previous sanctions.

A malicious piece of JavaScript code is believed to have been injected into the protocol's backend through a compromised governance proposal. This code poses a dual threat by exposing deposit details and enabling potential theft. Evidence of such theft is already confirmed through transaction records. As a resolution, Tornado Cash may revert to a previous secure version of its infrastructure setup.

The attack's severe repercussions resulted in Tornado Cash's website and Discord going offline, reflecting the importance of addressing security vulnerabilities within decentralized platforms promptly.