Author: angelilu, Foresight News
At 6:18 AM on June 25, 2026, a governance proposal numbered 67 appeared on the voting page of the Tornado Cash DAO.

The title was written formally: "Establishing a 0.5% Fee Standard and 90% Dynamic Deflationary Burn Scheme." The main text was lengthy and elaborate, claiming to upgrade the relayer registry to the "V5 Strategy A" architecture, permanently burning 90% of the protocol fees, distributing 10% to stakers, and including a set of economic model projections for a "positive wealth cycle."
The proposer also asked the treasury for 50 TORN to reimburse the gas spent deploying the contract, a detail that made the whole proposal look like the work of a conscientious community contributor paying out of pocket.
The contract behind the proposal, however, was not verified at all. A Tornado Cash proposal is itself a contract whose code is run when the proposal executes, and this one had no source code verified on a block explorer such as Etherscan. Without verification the community could see only raw EVM bytecode, with no source to review. Every previous legitimate Tornado Cash proposal had included this step; this one skipped it.
L2BEAT researcher Sergey Shemyakov was the first to notice this. About 8 hours after the proposal went live, he tagged security researcher Pascal Caversaccio, saying: "The logic of this proposal is abnormally complex, please help with an independent review."

Security Alliance researcher Pascal Caversaccio quickly delivered a conclusion.
The Proposal's True Purpose: Stealthily Changing the Protocol's Admin Address
Caversaccio decompiled the proposal contract's bytecode and concluded that the proposal was malicious.
The code contained a function named governance() whose only job is to return an address, that is, to tell the rest of the protocol who the admin is. The address hard-coded into that function was the attacker's own wallet.

In Tornado Cash's architecture, other parts of the protocol call this function to learn who holds the highest authority. Had the proposal passed and executed, the address that previously pointed to the community governance contract would have been silently replaced by the attacker's address.
The real governance address is 0x5efda50f22d34F262c29268506C5Fa42cB56A1Ce;
The forged attacker address is 0x5efda50f22d34f272c7077689d6abc42f15e285f.
The first 15 hex digits after the 0x prefix are identical; the two addresses diverge only at the 16th digit. That is very hard to spot by eye, and impossible in any interface that shows only a truncated prefix. Note also that the fake is written entirely in lowercase, so it carries no EIP-55 checksum to validate, whereas the real address is checksummed; the only safe comparison is the full address, character by character.
Had this proposal passed, the protocol's recognized top-level admin would have been silently switched to the attacker's address. With that identity the attacker could withdraw roughly $23 million worth of TORN currently locked in the governance contract, tokens staked by community members in order to vote. The attacker could also forcibly zero the balances of every relayer (the service providers that forward transactions for users), paralyzing the whole system.
Who is the Attacker? Where Did the Money Come From?
The wallet address of the proposal creator is 0xd4eca8c9242b9f9faa3cf19a78defc21dc97a925.
Caversaccio traced the funding of this address and found that it had received a transfer just four days before the proposal was submitted. The sender was Railgun, another on-chain privacy protocol and a direct competitor of Tornado Cash. Because the funds passed through Railgun, their origin is obscured on-chain and cannot be tied to a real identity.

Current Voting Status After Community Discovery
At the time of writing, the vote stands at 0 TORN in favor and 27,163 TORN against (100% of votes cast). Voting closes on June 30.
Tornado Cash's governance rules require at least 100,000 TORN to take part for a vote to reach quorum; so far only about 27% of that has been reached. Unless an abnormal wave of votes in favor arrives in the next four days, large enough both to reach quorum and to flip the result, the proposal will simply expire unexecuted. The greater significance of the incident, though, is the warning it carries.
This is the second time Tornado Cash has faced this kind of attack. In May 2023, an attacker took control of governance with 1.2 million votes through a proposal that hid a self-destruct function, at a time when the entire DAO's legitimate votes amounted to only about 70,000. The attacker withdrew roughly $2.17 million worth of TORN, laundered it through Tornado Cash itself, then submitted a "restore governance" proposal, netting about $900,000 before walking away. Nothing fundamental about the governance structure has been repaired since.
DAO Governance Attacks: How Can Ordinary Users Defend Themselves?
Governance attacks are now a routine Web3 risk, not a problem specific to any one protocol. In April 2022, Beanstalk was hit by an attacker who borrowed about $1 billion of temporary voting power with a flash loan, passed a proposal, moved out $182 million, and repaid the loan, all within a single transaction lasting under a minute. In February of that year, Build Finance DAO was taken over by an attacker using counterfeit governance tokens, and its $11 million treasury was emptied.
The forms of attack keep evolving: flash-loan vote capture, hidden self-destruct functions, and now address substitution that differs in only a few characters. The underlying logic is the same: a DAO's power comes from tokens, and tokens can be borrowed, forged, or obscured. Any governance mechanism that code can control, code can attack.
For ordinary holders of governance tokens there are several practical steps. First, follow real-time alerts from security researchers; this attack was first flagged by an L2BEAT researcher. Second, a proposal whose contract is unverified should almost always be voted down outright; if you cannot read the code, you cannot know what you are approving. Third, if you hold a protocol's governance tokens but do not plan to participate actively, delegating your voting power to an active community member is safer than leaving the tokens idle in your wallet. Silent tokens only make quorum harder to reach.
For protocol developers, the more fundamental defense is a timelock at the governance layer: a passed proposal does not execute immediately but waits 48 to 72 hours, giving the community and security researchers a chance to review it and trigger an emergency pause. Protocols such as Compound and Aave have long made this standard; Tornado Cash still lacks it, partly as a consequence of its extreme stance on compliance and censorship resistance. The delay only helps, though, if some role actually has the power to halt execution during the window; a delay with no veto or pause path merely announces the theft in advance.