Tornado Cash, a fully decentralized and open-source cryptocurrency mixer operating on Ethereum-based networks, has been subjected to a malicious takeover. This comes as another significant blow to the platform following its troubled history with regulatory authorities.
On August 8, 2022, the U.S. Department of the Treasury issued sanctions against Tornado Cash. The platform was accused of routinely enabling money laundering for malicious cyber actors because of its alleged lack of adequate controls. This led to its use being deemed illegal for U.S. citizens, residents, and companies. Subsequently, the project's website domain and GitHub accounts were suspended, and one of the developers was arrested.
In the current crisis, a bad actor manipulated the project's governance system by accumulating 1.2 million counterfeit votes, overpowering the 700,000 legitimate votes. The malefactor cunningly disguised their proposal to imitate a previously successful one, but it surreptitiously included a function that enabled the creation of counterfeit votes.
The perpetrator exploited the emergencyStop function, allowing them to change the proposal logic swiftly and seize control of Tornado Cash's governance. This authority allows the intruder to withdraw locked votes, drain tokens from the governance contract, and possibly disrupt the router's functionality. In a swift move to profit from their control, the attacker quickly liquidated 10,000 votes worth of TORN tokens and appears capable of emptying all ETH from the pool.
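The proposal described above imitated an earlier approved one while carrying an extra function. As an added example (not from the article or the project), the following review aid lists function selectors that appear in a candidate proposal's bytecode but not in the reference it claims to match. The bytecode, the selectors, and the DUP1/PUSH4/EQ dispatcher layout are constructed assumptions.

```python
# Added example: all bytecode and selectors below are constructed samples,
# not taken from the real proposals.
PUSH1, PUSH4, PUSH32, EQ = 0x60, 0x63, 0x7F, 0x14


def dispatch_selectors(code_hex: str) -> set[str]:
    """Return 4-byte selectors compared in a 'PUSH4 <sel> EQ' dispatcher.

    Walks the code opcode by opcode so bytes inside PUSH immediates are
    skipped and cannot be mistaken for instructions.
    """
    code = bytes.fromhex(code_hex.removeprefix("0x"))
    found, i = set(), 0
    while i < len(code):
        op = code[i]
        # PUSH1..PUSH32 carry 1..32 immediate bytes; other opcodes carry none.
        width = op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0
        imm = code[i + 1 : i + 1 + width]
        nxt = i + 1 + width
        if op == PUSH4 and len(imm) == 4 and nxt < len(code) and code[nxt] == EQ:
            found.add(imm.hex())
        i = nxt
    return found


def undeclared_functions(reference_hex: str, candidate_hex: str) -> list[str]:
    """Selectors dispatched by the candidate but absent from the reference."""
    return sorted(dispatch_selectors(candidate_hex) - dispatch_selectors(reference_hex))


def _entry(selector: str) -> str:
    # DUP1, PUSH4 <selector>, EQ, PUSH2 0x0020, JUMPI (assumed dispatcher layout)
    return "8063" + selector + "1461002057"


# Constructed reference: one public function, then STOP.
REFERENCE = _entry("a1a1a1a1") + "00"
# Constructed candidate: same function, a PUSH32 constant whose data happens to
# look like 'PUSH4 deadbeef EQ', and one extra function.
DECOY = "7f" + "63deadbeef14" + "00" * 26
CANDIDATE = _entry("a1a1a1a1") + DECOY + _entry("b2b2b2b2") + "00"

if __name__ == "__main__":
    for sel in undeclared_functions(REFERENCE, CANDIDATE):
        print(f"selector 0x{sel} is not in the reference proposal")
```

Because the article says the proposal logic was changed afterwards, a comparison like this only reflects the code present at the moment it is run.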
Despite the community's urgent advice to members to withdraw their locked assets and efforts to deploy a contract to reverse the changes, the bad actor continues to maintain governance control. This presents significant challenges to the project's recovery and future operation.
In an attempt to counteract the damage, Tornado Cash is actively recruiting Solidity developers and planning to engage Binance, an exchange that holds a considerable amount of tokens that could potentially help in countering the attack.
As a privacy-enhancing tool on Ethereum-based networks, Tornado Cash blends potentially identifiable or “tainted” cryptocurrency funds with others, obscuring the original source. The service, therefore, addresses the need for privacy on EVM networks where transactions are by default publicly visible. However, it is this very feature that has also exposed it to regulatory scrutiny and cybersecurity threats.