Backdoor has been discovered in the Tornado Cash interface to intercept deposit data
According to community representatives, it has been functioning for two months
![Backdoor has been discovered in the Tornado Cash interface to intercept deposit data](https://storage.getblock.net/source/1/dk9E95MPiiFYKjkHSpQsYU1HKpTwddgb.webp)
26.02.2024 - 08:27
What’s new? Yu Xian, the founder of the blockchain security audit company SlowMist, has reported an exploit of the interface of the crypto mixer Tornado Cash, which is on the US sanctions list. According to anonymous blockchain developers cited by Xian, a backdoor capable of intercepting certificates of deposit has been functioning in the IPFS version of the service’s frontend for two months.
What else is known? According to Xian, the malicious mechanism was introduced through a voting-based attack on Tornado Cash’s decentralized autonomous organization (DAO) governance mechanism. At risk are the funds of users who made deposits into the mixer using IPFS over the past two months.
According to the community, malicious code was covertly injected into a governance proposal made two months ago by a developer under the nickname Butterfly Effects. Since January 1, Tornado Cash deposit records have been leaking to a private malicious server under his control. At least one case of a mixer user’s ETH deposit being stolen has been identified.
Earlier, the Cyber Security Agency of Singapore discovered a vulnerability in the WordPress cryptocurrency widget “Cryptocurrency Widgets — Price Ticker & Coins List Plugin” versions 2.0-2.6.5, which could leak sensitive information. Attackers can inject SQL queries to extract that information from the database.
Late last year, hardware crypto wallet maker Ledger reported that users lost $600 000 due to a vulnerability in its blind signature mechanism. The company pledged to reimburse the losses and replace the mechanism of interaction with DApps with a fully transparent one by June 2024.