Tornado Cash DAO sees suspicious governance proposal! Researcher warns of $23 million treasury control.

Blockchain security researcher Sergey Shemyakov issued an urgent warning on the X platform on June 25, stating that a highly suspicious governance proposal had been submitted to the Tornado Cash DAO about 8 hours earlier. The proposal's contract code is unverified, the proposer's funds were obfuscated through the privacy protocol Railgun, and the target contract is invoked via delegatecall: if executed, the attacker could gain control of nearly $23 million worth of TORN in the DAO treasury.
(Background: US Treasury lifts sanctions on mixer Tornado Cash, TORN surges 74%)
(Context: Tornado Cash co-founder faces 64 months in prison! Dutch prosecutors: He created a global money laundering hub)


Blockchain security researcher Sergey Shemyakov issued a warning on the X platform on June 25, stating that a highly suspicious governance proposal had been submitted to the Tornado Cash DAO about 8 hours earlier, and called on the community to review it independently. The proposal exhibits multiple abnormal signals; if passed, it could directly threaten approximately $23 million worth of TORN tokens in the DAO treasury.

Detailed analysis of four major abnormal signals

The researcher detailed four dangerous characteristics of the proposal. First, the proposal's contract code is unverified; this is extremely rare in the history of Tornado Cash DAO proposals, and the researcher believes this alone is a clear signal of malicious intent. Second, the proposal creator's address received its funds through the privacy protocol Railgun four days ago, obscuring their source, a behaviour pattern the researcher considers highly suspicious. Third, the proposal's description appears to be deceptive packaging intended to mislead voters into overlooking the real risk.

But the most critical anomaly is the fourth point: once the proposal passes and is executed, the governance contract will invoke the target contract's functions via delegatecall. Because delegatecall runs the target's code inside the governance contract's own storage and with its identity, whatever that unverified code does is done as the governance contract itself. This means the attacker could obtain extremely high privileges within the DAO, including control over withdrawals from the treasury.
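To make the delegatecall risk concrete, here is an added, simplified model (not the Tornado Cash governance code) of an executor that runs proposals via delegatecall and guards its privileged storage slots; the contract names, the two-slot layout and the executeProposal() selector are assumptions for this illustration, and vote tallying and timelocks are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model of a governance contract that executes passed proposals
// via delegatecall. The proposal's code runs inside THIS contract's storage
// context, so without a guard it can overwrite any slot, including admin.
contract GovernanceExecutor {
    address public admin;     // slot 0: who may withdraw from the treasury
    address public treasury;  // slot 1: where DAO funds are held

    event ProposalExecuted(address indexed proposal);

    constructor(address treasury_) {
        admin = msg.sender;
        treasury = treasury_;
    }

    // Hardened execution: snapshot the privileged slots, run the proposal,
    // then revert the whole transaction if the proposal touched them.
    // (Vote-outcome and timelock checks are omitted from this model.)
    function execute(address proposal) external {
        address adminBefore = admin;
        address treasuryBefore = treasury;

        (bool ok, ) = proposal.delegatecall(
            abi.encodeWithSignature("executeProposal()")
        );
        require(ok, "proposal reverted");

        // Invariant check: a proposal that rewrote slot 0 or 1 is rejected.
        require(admin == adminBefore, "proposal changed admin");
        require(treasury == treasuryBefore, "proposal changed treasury");
        emit ProposalExecuted(proposal);
    }
}

// A legitimate proposal leaves the privileged slots alone; here it only
// emits an event (logged from the executor's address under delegatecall).
contract BenignProposal {
    event ParameterTuned(uint256 newValue);
    function executeProposal() external { emit ParameterTuned(42); }
}

// Mirrors the executor's layout; under delegatecall its write lands in the
// executor's slot 0. With the guard above, execute() reverts instead.
contract SlotRewritingProposal {
    address public admin;
    address public treasury;
    function executeProposal() external { admin = address(0xBEEF); }
}
```

The guard only protects the slots it knows about, so it is a backstop rather than a substitute for executing only verified, reviewed proposal code, which is exactly the property the unverified contract in this proposal lacks.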

Mixer pool safe, DAO treasury is the sole target

The researcher emphasized that Tornado Cash's own mixer pool contracts are not affected by this proposal, and user funds there are safe. The attack targets the DAO governance layer alone: if the proposal passes, the attacker could directly access approximately $23 million worth of TORN tokens from the DAO treasury, without affecting the operation of the mixing service.

History repeating in 2023?

Notably, this is not the first time Tornado Cash DAO has faced such a threat. In May 2023, an attacker used a malicious governance proposal to obtain 1.2 million fake votes, seized control of the protocol, and stole 10k TORN, at one point driving the token price down by 50%. At the time, OpenZeppelin classified the incident as a "metamorphic attack," highlighting inherent weaknesses in the DAO governance mechanism.

Shemyakov called on all TORN token holders to remain highly vigilant before the proposal officially enters the voting stage, to verify the proposal's content independently, and to avoid voting blindly.
