Tornado Cash, a fully decentralized and open-source cryptocurrency mixer running on Ethereum-based networks, has been subjected to a malicious takeover. This is another significant blow to the platform following its troubled history with regulatory authorities.
On August 8, 2022, the U.S. Department of the Treasury issued sanctions against Tornado Cash. The platform was accused of routinely enabling money laundering for malicious cyber actors due to its alleged lack of adequate controls. This made its use illegal for U.S. citizens, residents, and corporations. Subsequently, the project's website domain and GitHub accounts were suspended, and one of the developers was arrested.
In the current crisis, a bad actor manipulated the project's governance system by accumulating 1.2 million counterfeit votes, overpowering the 700,000 legitimate votes. The attacker disguised their proposal to imitate a previously successful one, but it covertly included a function that enabled the creation of counterfeit votes.
The perpetrator exploited the emergencyStop function, allowing them to change the proposal logic swiftly and seize control of Tornado Cash's governance. This authority allows the intruder to withdraw locked votes, drain tokens from the governance contract, and possibly disrupt the router's functionality. Moving quickly to profit from their control, the attacker liquidated 10,000 votes' worth of TORN tokens and appears able to empty all ETH from the pool.
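A defender-side check for the counterfeit votes described above, as an added example that is not the project's own code: it replays a constructed event list and flags voting power credited in the governance ledger without a matching token deposit. The event kinds (`deposit`, `withdraw`, `credit`), the account names and the simplified ledger model are assumptions made for illustration; only the 700,000 and 1.2 million figures come from the article.

```python
from collections import defaultdict

# Constructed sample events, not real chain data (hypothetical event model).
# "deposit"/"withdraw": tokens moved into/out of the governance contract.
# "credit": an increase of the contract's internal locked-balance ledger,
#           however it was made (normal lock or direct storage write).
EVENTS = [
    ("deposit", "holders", 700_000),
    ("credit", "holders", 700_000),
    ("deposit", "acct_a", 10),
    ("credit", "acct_a", 10),
    ("credit", "acct_a", 1_200_000),  # ledger write with no token transfer
]


def reconcile(events):
    """Replay events; return (tokens actually deposited, votes credited) per account."""
    backed, credited = defaultdict(int), defaultdict(int)
    for kind, account, amount in events:
        if kind == "deposit":
            backed[account] += amount
        elif kind == "withdraw":
            backed[account] -= amount
            credited[account] -= amount
        elif kind == "credit":
            credited[account] += amount
        else:
            raise ValueError(f"unknown event kind: {kind}")
    return backed, credited


def unbacked_votes(events):
    """Accounts whose credited voting power exceeds the tokens they deposited."""
    backed, credited = reconcile(events)
    return {a: credited[a] - backed[a] for a in credited if credited[a] > backed[a]}


def governance_at_risk(events):
    """True when unbacked voting power can outvote all token-backed votes."""
    backed, credited = reconcile(events)
    fake = sum(unbacked_votes(events).values())
    legit = sum(min(credited[a], backed[a]) for a in credited)
    return fake > legit


if __name__ == "__main__":
    print(unbacked_votes(EVENTS), governance_at_risk(EVENTS))
```

Run continuously against a governance contract's event stream and storage, the same reconciliation gives an alert as soon as the ledger total diverges from the tokens the contract actually holds.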
Despite the group's urgent advice to members to withdraw their locked assets and efforts to deploy a contract to reverse the changes, the bad actor continues to maintain governance control. This presents significant challenges to the project's recovery and future operation.
In an attempt to counteract the damage, Tornado Cash is actively recruiting Solidity developers and planning to engage Binance, an exchange that holds a considerable quantity of tokens that could potentially help in countering the attack.
As a privacy-enhancing tool on Ethereum-based networks, Tornado Cash blends potentially identifiable or “tainted” cryptocurrency funds with others, obscuring the original source. The service therefore addresses the need for privacy on EVM networks, where transactions are publicly visible by default. However, it is this very feature that has also exposed it to regulatory scrutiny and cybersecurity threats.