An attacker has successfully hijacked the governance protocol of Tornado Cash via a malicious manner to grant the hacker 1.2 million fake votes and thus have full control over Tornado Cash. A tweet explaining the incident read:

“Through a malicious proposal, an attacker granted themselves 1,200,000 votes. As this is more than the ~700,000 legitimate votes, they now have full control.”

In doing so, the hijack allowed the hacker to withdraw all locked votes, drain all of the token in the governance contract and brick the router. An active community of Tornado Cash by the name Tornadosaurus-Hex or Mr. Tornadosaurus Hex, highlighted that all funds in Governance are potentially compromised and requested all members to withdraw funds which are interlocked within governance.

After stealing nearly half a million TORN tokens, the price of TORN dropped a whopping 25% during the reporting period, hovering by the $4.5 price-tag at the time of writing.

Sources:

https://cointelegraph.com/news/attacker-hijacks-tornado-cash-governance-via-malicious-proposal

https://www.bsc.news/post/crypto-mixer-tornado-cash-under-attack-exploiter-seizes-governance-control

https://beincrypto.com/tornado-cash-governance-seized/

https://twitter.com/samczsun/status/1660012956632104960