Subscribe to our Telegram channel

Cryptomixer Tornado Cash is subjected to a cyberattack

2:36 pm, February 27, 2024

The developers of the cryptocurrency mixer Tornado Cash have warned users who made deposits through IPFS gateways(a distributed file system that seeks to connect to all computer devices with IPFS installed to search for files — ed.

According to the developers, at that time, attackers could intercept information about deposits in Tornado Cash and redirect it to a server they controlled. The reason is most likely that a hidden fragment with malicious JavaScript content was added to the code submitted by the Tornado Cash development community.

As noted, the malicious code was found in a proposal for the development of the ecosystem from one of the Tornado Cash developers. According to the team, it was specifically added to intercept and redirect deposit data.

In a separate post published on Medium, the developers provided a detailed description of how the attackers used this code to intercept deposit information and further redirect funds.

To prevent such incidents from recurring, the developers recommend that users who made transactions through IPFS during the period in question change their deposit records. They also urge TORN token holders to block any proposals for the development of the ecosystem that come from this developer. When using local interfaces for interacting with the contract, the risks of compromise are minimal, as code changes are easy to track.

The current situation raises concerns about the security of the Tornado Cash ecosystem, especially given that the attacker managed to inject malicious code into the official ecosystem development proposal.

Experts believe that such incidents can negatively affect the reputation of decentralized financial services. However, Tornado Cash supporters argue that this situation also demonstrates the community’s ability to respond quickly to emerging threats.

It is not yet clear whether the attackers managed to access any significant amounts of Tornado Cash users' funds. However, the fact of the compromise itself is worrying and requires further thorough investigation.

As a reminder, the Tornado Cash platform has been under US sanctions since 2022 for repeatedly assisting cybercriminals in laundering illegally obtained funds.

Subscribe to our Telegram channel

BTC

$98,170.60

4.33%

ETH

$3,344.09

10.07%

BNB

$624.65

3.56%

XRP

$1.18

9.08%

SOL

$255.44

9.81%

All courses
Subscribe to our
Telegram channel!
The latest news and reviews of the cryptocurrency markets of the last
day right in your messenger. We are waiting for you!
GO TO
Show more