Tornado Cash faces governance attack again: a fake proposal targets the 23 million dollar community treasury.

Someone attempted to take over the Tornado Cash community treasury using a look-alike address that shares its first 15 characters with the real governance address.

Written by: angelilu, Foresight News

At 6:18 AM on June 25, 2026, a governance proposal numbered 67 appeared on the voting page of the Tornado Cash DAO.

The title was formally written: "Establish a 0.5% Fee Rate Standard and 90% Dynamic Deflationary Burn Plan." The body promised to upgrade the relayer registry to a "V5 Strategy A" framework, permanently burn 90% of the fees collected by the protocol and distribute the remaining 10% to stakers, and it came with a set of economic-model derivations for a "Wealth Positive Cycle."

The proposer also requested 50 TORN from the treasury to cover the gas spent deploying the contract, a detail that made the proposal read as the work of a responsible community contributor paying out of pocket.

However, the proposal contract's source code had not been verified: the bytecode that governance would execute had no matching source published on a block explorer such as Etherscan, so the community could see only raw machine code, which cannot be audited directly. Earlier Tornado Cash proposals routinely went through this step; this one skipped it.

L2BEAT researcher Sergey Shemyakov was the first to notice this. About 8 hours after the proposal went live, he tagged security researcher Pascal Caversaccio, saying, "This proposal's logic is unusually complex; please help me conduct an independent review."

Security Alliance researcher Pascal Caversaccio quickly reached a conclusion.

The Real Purpose of the Proposal: Secretly Replace the Protocol's Administrator Address

Caversaccio decompiled the bytecode of the proposal contract and concluded that the proposal was malicious.

The code contained a function named "governance" whose only job is to return an address, telling the protocol who the administrator is. The address hardcoded into that function was the attacker's own wallet.

Contracts in the Tornado Cash deployment call this function to learn which address holds ultimate authority. Had the proposal been executed, the address that today points at the community governance contract would quietly have been replaced by the attacker's.

The real governance address is 0x5efda50f22d34F262c29268506C5Fa42cB56A1Ce.

The forged attacker address is 0x5efda50f22d34f272c7077689d6abc42f15e285f.

The first 15 characters of the two strings are identical, and if the checksum capitalisation of the real address is ignored the match runs to 17 characters (15 hex digits after the 0x prefix); the two then diverge completely. The difference is hard to spot with the naked eye, which is exactly why a governance address must be compared in full, never by its leading characters.
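The check Caversaccio did by hand, decompiling the bytecode and comparing the hardcoded address with the real one, can be automated for any unverified proposal. The following is an added example, not the decompiler used in the article and not Tornado Cash code: it walks EVM bytecode respecting PUSH immediates, pulls out every PUSH20 constant (how solc encodes address literals), and flags any constant that shares a long prefix with a trusted address without being identical to it. The toy bytecode is constructed to have the shape of a hardcoded `governance()` getter; it is not the real proposal 67 code. The two addresses are the ones quoted above.

```python
"""Pull hardcoded 20-byte immediates (PUSH20) out of EVM bytecode and flag any
that share a long prefix with a trusted address without being identical to it.
Added example, not the decompiler used in the article; the bytecode below is
constructed, not the real proposal 67 runtime code."""

# Both addresses are quoted in the article.
REAL_GOVERNANCE = "0x5efda50f22d34F262c29268506C5Fa42cB56A1Ce"
FAKE_GOVERNANCE = "0x5efda50f22d34f272c7077689d6abc42f15e285f"

HEX = set("0123456789abcdefABCDEF")


def normalize(addr: str) -> str:
    """Strip 0x and lowercase, so EIP-55 checksum casing does not affect comparison."""
    body = addr[2:] if addr[:2].lower() == "0x" else addr
    if len(body) != 40 or any(c not in HEX for c in body):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return body.lower()


def disassemble(code: bytes):
    """Yield (offset, opcode, immediate) while skipping PUSH1..PUSH32 immediates,
    so bytes inside push data are never mistaken for opcodes."""
    i = 0
    while i < len(code):
        op = code[i]
        if 0x60 <= op <= 0x7F:              # PUSH1 (0x60) .. PUSH32 (0x7F)
            n = op - 0x5F
            yield i, op, code[i + 1:i + 1 + n]
            i += 1 + n
        else:
            yield i, op, b""
            i += 1


def extract_addresses(code: bytes) -> list[str]:
    """Every PUSH20 immediate as a 0x-prefixed lowercase address."""
    return ["0x" + imm.hex() for _, op, imm in disassemble(code)
            if op == 0x73 and len(imm) == 20]


def naive_scan(code: bytes) -> list[str]:
    """What a plain search for the byte 0x73 reports; kept only to show its false positive."""
    return ["0x" + code[i + 1:i + 21].hex()
            for i in range(len(code) - 20) if code[i] == 0x73]


def shared_prefix_len(a: str, b: str) -> int:
    """Leading hex digits (after 0x, case-insensitive) that two addresses share."""
    n = 0
    for x, y in zip(normalize(a), normalize(b)):
        if x != y:
            break
        n += 1
    return n


def find_lookalikes(code: bytes, trusted: dict[str, str], min_prefix: int = 6):
    """(address, trusted_name, shared_prefix) for each hardcoded address that
    shares at least min_prefix hex digits with a trusted address but is not it."""
    hits = []
    for found in extract_addresses(code):
        for name, good in trusted.items():
            if normalize(found) == normalize(good):
                continue
            p = shared_prefix_len(found, good)
            if p >= min_prefix:
                hits.append((found, name, p))
    return hits


def getter_body(addr: str) -> bytes:
    """Constructed toy runtime body: PUSH20 addr; PUSH1 0; MSTORE; PUSH1 32; PUSH1 0; RETURN,
    i.e. 'return this constant', the shape of a hardcoded governance() getter."""
    return bytes.fromhex("73" + normalize(addr) + "60005260206000f3")


TOY_PROPOSAL_CODE = getter_body(FAKE_GOVERNANCE)   # constructed, returns the look-alike
TOY_HONEST_CODE = getter_body(REAL_GOVERNANCE)     # constructed, returns the real address

# A PUSH32 whose immediate happens to contain 0x73 followed by 20 bytes: the naive
# byte scan "finds" an address here, the PUSH-aware walk correctly does not.
TOY_PUSH32_CODE = bytes.fromhex("7f" + "73" + normalize(FAKE_GOVERNANCE) + "00" * 11)

if __name__ == "__main__":
    for addr, name, p in find_lookalikes(TOY_PROPOSAL_CODE, {"governance": REAL_GOVERNANCE}):
        print(f"look-alike of {name}: {addr} (shares {p} hex digits)")
    print("naive scan on PUSH32 data:", naive_scan(TOY_PUSH32_CODE))
    print("push-aware walk:          ", extract_addresses(TOY_PUSH32_CODE))
```

Run against the runtime bytecode of any unverified proposal contract (fetched with `eth_getCode`), with the trusted map holding the governance, registry and treasury addresses a voter already knows; a non-empty result is a reason to vote against before anyone has to read decompiler output. The PUSH-aware walk matters because push data is arbitrary bytes, and a grep for the PUSH20 opcode will report phantom addresses from inside masks and other constants.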

Had the proposal passed and been executed, the "top administrator" address recognised by the protocol would have been silently swapped for the attacker's. With that identity the attacker could withdraw roughly $23 million worth of TORN currently locked in the governance contract, tokens that community members staked there in order to vote, and could also wipe the balances of every relayer (the operators who relay users' transactions), paralysing the entire protocol.

Who is the Attacker, and Where Did the Money Come From?

The wallet address of the proposal creator is 0xd4eca8c9242b9f9faa3cf19a78defc21dc97a925.

Caversaccio traced the funding of this address and found that it had received a transfer just four days before the proposal was submitted. The sender was Railgun, another on-chain privacy protocol and a direct competitor of Tornado Cash; funds routed through Railgun have their origin obscured, so the deposit cannot be traced back to a real identity.

What's the Voting Status Now That the Community Has Discovered It?

At the time of writing the tally is 0 TORN in favour and 27,163 TORN against, i.e. 100% of the votes cast are against. Voting closes on June 30.

Tornado Cash governance requires at least 100,000 TORN to take part in a vote for it to reach quorum, and only about 27% of that has been reached. Unless a large, anomalous wave of votes in favour arrives within the next four days, enough both to reach quorum and to reverse the result, the proposal will fail. The warning carried by the incident, however, matters far more than the tally.

This is already the second time Tornado Cash has faced this kind of attack. In May 2023, an attacker took control of governance with 1.2 million votes, against roughly 70,000 legitimate votes in the whole DAO, using a proposal contract that hid a self-destruct: after the vote passed, the contract was destroyed and redeployed at the same address with different code, which minted the fake votes. The attacker withdrew approximately $2.17 million worth of TORN, laundered it through Tornado Cash itself, then submitted a proposal to "restore governance" and walked away with about $900,000 net. Since then, nobody has fundamentally fixed this governance structure.

How Can Ordinary People Defend Against DAO Governance Attacks?

Governance attacks have become a routine risk in Web3, not a problem peculiar to any one protocol. In April 2022, Beanstalk was attacked by someone who borrowed about $1 billion of temporary voting power through a flash loan, passed a proposal and transferred out $182 million in the same transaction, repaying the loan in under a minute. In February of the same year, Build Finance DAO was attacked when an attacker gained control through forged governance tokens and drained a treasury of $11 million.

The form of the attacks keeps evolving: flash-loaned votes, then a hidden self-destruct, now a look-alike address. The underlying logic stays the same: a DAO's power comes from tokens, and tokens can be borrowed, forged or obscured. Any governance mechanism that code can manipulate, an attacker can manipulate.

For ordinary holders of governance tokens there are several practical steps. First, follow real-time alerts from security researchers; the first warning about this attack came from an L2BEAT researcher. Second, a proposal whose contract is unverified should be voted against by default, because an unverifiable contract cannot be reviewed and a legitimate proposer can always verify the source. Third, if you hold a protocol's governance tokens but do not plan to take part actively, delegating your voting power to a community member who actually reviews proposals is safer than leaving the tokens dormant in your wallet; silent tokens only make quorum harder to reach, and a low quorum is exactly what an attacker counts on.

For protocol developers, a more fundamental defence is a timelock at the governance level: a passed proposal does not execute immediately but waits through a window of 48 to 72 hours in which the community and security researchers can review it and trigger an emergency pause or cancellation. Protocols like Compound and Aave have long had this mechanism. Tornado Cash's governance contract does enforce a delay between the end of voting and execution (the 2023 attacker exploited precisely that gap to swap the proposal's code), but it has no guardian role that can pause or cancel a queued proposal during the window, an extreme choice made for the sake of censorship resistance, so the review window only helps if enough honest voters act in time.
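The review-window mechanism described above, as an added example in the style of Compound's Timelock (this is illustrative code, not the contracts of Compound, Aave or Tornado Cash): a passed proposal is queued with an earliest execution time, cannot execute before it, can be cancelled by a guardian during the window, and goes stale if nobody executes it within a grace period. The 48 hour delay, the 14 day grace period, the guardian address and the placeholder target and calldata are all assumed values.

```python
"""Model of a governance timelock: a passed proposal is queued, cannot execute
before its review window ends, can be cancelled by a guardian during that
window, and goes stale if nobody executes it within a grace period.
Added example in the style of Compound's Timelock; not Tornado Cash, Compound
or Aave code. The 48 h delay, 14 day grace period and guardian address are
assumed values."""
from dataclasses import dataclass, field
from typing import Callable

HOUR = 3600
DAY = 24 * HOUR


class TimelockError(Exception):
    pass


@dataclass
class Queued:
    target: str
    calldata: bytes
    eta: int                  # earliest timestamp at which execution is allowed
    cancelled: bool = False
    executed: bool = False


@dataclass
class Timelock:
    delay: int = 48 * HOUR            # review window after the vote passes (assumed)
    grace_period: int = 14 * DAY      # execution allowed in [eta, eta + grace] (assumed)
    guardian: str = "0xguardian"      # hypothetical emergency role
    queued: dict[int, Queued] = field(default_factory=dict)
    next_id: int = 0

    def queue(self, target: str, calldata: bytes, now: int) -> int:
        """Called once a proposal passes; returns its queue id."""
        pid = self.next_id
        self.next_id += 1
        self.queued[pid] = Queued(target, calldata, eta=now + self.delay)
        return pid

    def cancel(self, pid: int, caller: str) -> None:
        """Emergency stop: only the guardian, and only before execution."""
        q = self.queued[pid]
        if caller != self.guardian:
            raise TimelockError("only the guardian may cancel")
        if q.executed:
            raise TimelockError("already executed")
        q.cancelled = True

    def execute(self, pid: int, now: int, call: Callable[[str, bytes], None]) -> None:
        """Run the queued call, but only inside [eta, eta + grace] and if not cancelled."""
        q = self.queued[pid]
        if q.cancelled:
            raise TimelockError("cancelled during the review window")
        if q.executed:
            raise TimelockError("already executed")
        if now < q.eta:
            raise TimelockError(f"review window open until t={q.eta}")
        if now > q.eta + self.grace_period:
            raise TimelockError("stale: grace period elapsed")
        call(q.target, q.calldata)
        q.executed = True


def scenario(flagged_as_malicious: bool) -> dict:
    """Queue a proposal at t=0, try to execute it early, let the guardian cancel it
    during the window if reviewers flagged it, then try again when the window closes.
    Returns what happened. The target and calldata are placeholders, not real ABI."""
    tl = Timelock()
    calls: list[tuple[str, bytes]] = []
    record = lambda target, data: calls.append((target, data))
    pid = tl.queue("0xrelayer-registry", b"setGovernance(lookalike)", now=0)

    out = {}
    try:
        tl.execute(pid, now=1 * HOUR, call=record)   # 1 h in: window still open
        out["early_execute"] = True
    except TimelockError:
        out["early_execute"] = False
    if flagged_as_malicious:
        tl.cancel(pid, caller=tl.guardian)           # guardian acts inside the window
    try:
        tl.execute(pid, now=tl.delay, call=record)   # window closed
        out["executed_after_window"] = True
    except TimelockError:
        out["executed_after_window"] = False
    out["calls"] = calls
    return out


if __name__ == "__main__":
    print("malicious, flagged :", scenario(True))
    print("benign, unflagged  :", scenario(False))
```

The point of the model is the ordering: execution is refused while `now < eta`, so the window really is a window, and the guardian's `cancel` is the only action that changes the outcome within it. A deployment that has the delay but no guardian (or no voters willing to act) gets no protection from the delay itself; the proposal simply executes once `eta` passes.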

Disclaimer: This article represents the author's personal views only and does not represent the position or views of this platform. It is provided for information sharing and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If an article or image on this page infringes rights, please send proof of rights and identity to support@aicoin.com and platform staff will investigate.
