- The exploiter stole 473,000 TORN, the mixer’s native token, value over $2.1 million.
- With greater than 700,000 votes, the attacker has taken full management of administration.
An attacker used a fraudulent contract to get entry to hundreds of votes and take full management of the favored cryptocurrency mixer Twister Money. Paradigm’s web3 analysis analyst @samczsun was the primary to note the issue over the weekend.
In line with a tweet by person samczsun, the attacker claimed to have based mostly their malicious proposal on the identical reasoning as an earlier proposal with out admitting that they included a further operate. Lately, nonetheless, the attacker “posted a brand new proposal to revive the state of governance,” as reported in a thread on the mixer’s group discussion board.
Full Management of Administration
As quickly because the request was accepted by Twister Money customers, the exploiter activated the emergency-stop mechanism and modified the proposal logic to present themselves 1.2 million bogus votes. With greater than 700,000 legitimate votes, the attacker has taken full management of the crypto mixer’s administration.
The attacker is now able to do something they select, together with eradicating all locked votes, depleting all governance contract tokens, and even bricking the router. Nonetheless, they’re unable to empty particular swimming pools.
A tweet from Web3 media collective @WhaleCoinTalk claims that shortly after seizing management of Twister Money’s contract, the exploiter stole 473,000 TORN, the mixer’s native token, value over $2.1 million from the governance contract. The dangerous actor made a revenue from the asset gross sales and redeposited money into Twister.
An concerned group member often known as Tornadosaurus-Hex mentioned that the assault has compromised all funds below governance and requested that every one members take away their property from the contract.
Hacker Takes Over Governance Management of Crypto Mixer Twister Money