Paradigm security researcher samczsun informed that on May 20 an unknown hacker took full control of Ethereum-mixer Tornado Cash, which allows you to hide transactions in cryptocurrency. According to the expert, the attacker has already withdrawn TORN tokens from the smart contracts of the service.

The specialist said that the attacker introduced a malicious proposal that gave him the opportunity to call the function emergency stop to update the logic after voting. Thus, the scammer took over and withdrew 1.2 million votes (in the form of TORN tokens).

Such actions gave the cybercriminal full rights to control Tornado Cash. The hacker could cancel frozen tokens, transfer assets to a smart contract controlled by him, and also stop the router.

The “samczsun” researcher noted that the hacker cannot take the cryptocurrency from individual pools, but he has already started selling frozen votes. By data PeckShield, most of the withdrawn tokens were exchanged for Ethereum and sent to the Tornado Cash address. Part of the assets went to the Bitrue platform.

By information Cointelegraph, The Tornado Cash community is trying to cancel the offer that led to the attack. However, users are advised to withdraw assets from the application’s smart contracts.

Tornado Cash users also stated that the Binance exchange has “more tokens than the hacker” so it can help restore the situation. Binance, in turn, has suspended deposits in TORN. After the attack course token TORN project fell by 41% – from $6.20 to $3.61, and then rose to around $4.5.

Recall that in August 2022, Tornado Cash was subject to US sanctions . In the same month, the Dutch authorities detained service developer Alexey Pertsev.