On Saturday, Tornado Cash's DAO was taken over by an attacker, or group of attackers. It's another backlash for the plagued coin mixer which makes privacy for Ethereum holders possible. In an interesting turn of events, a day later the attacker proposed to undo his attack. Never a boring day in crypto! 

It is a bit of a lame wordplay to say that Tornado Cash has been in the eye of the storm for a while. The attack came just when the dust had almost settled. Nine months ago, the US Government sanctioned the protocol - the first time a protocol was put on the sanctions list. US citizens could no longer use the coin mixer. 

Developer pending trial

At the time of this sanctioning, Russian Alexey Pertsev, one of the developers of Tornado Cash, was arrested in Amsterdam. He was suspected of 'involvement in concealing criminal financial flows and facilitating money laundering'. 

Only in April 2023 he was released but, pending his trial, required to stay at home, with electronic monitoring devices guarding him. A lot of people in the crypto community are worried that his arrest has no solid ground and is used as a scare tactic to discourage developers to work on privacy tools. 

The community fought back a month later. Users of Ethereum and Tornado Cash filed a lawsuit against the U.S. Treasury Department. They claim that putting Tornado Cash on the sanctions list is unconstitutional and that there are numerous legitimate ways to use this coin mixer: it's simply a privacy tool.

The Attack     

Tornado Cash's DAO (Decentralized Autonomous Organization) handles operations, funds and future plans. Any DAO allows token holders to lock up their holdings as votes for proposing changes to a project. These changes can range from deploying treasury funds to purposes that benefit the project to expansion on other networks. 

The attacker's malicious proposal contained a hidden code function that granted him/her/them fake votes. These could then be used to handle some aspects of Tornado Cash, such as withdrawal of locked torn tokens (TORN) held in the main governance contract. 

The attack undone

Naturally the TORN token, already beaten down from last year's government attacks, suffered even more. But then came another turn in the story. The attacker submitted a proposal to undo the attack and give governance back. This is less uncommon than it might seem. Hackers of crypto protocols often offer to return funds. Sometimes in exchange for a bounty. Sometimes for nothing - as their action was just meant to demonstrate a weakness. One member of the TORN community thinks this might all have been a 'gigatroll' to crash the price so the attacker could buy cheaper coins. This may not be the most likely explanation. After all, why would one buy coins of a protocol that had just been exposed as vulnerable?