After seizing control of the governance structure behind the sanctioned Tornado Cash protocol over the weekend, an anonymous hacker suspiciously proposed to put everything back the way it was.
On Friday, the hacker’s proposal passed by an overwhelming majority, and it can now be implemented by any member of the DAO over the next two days—control goes back to the community, and most changes will be reverted. But during the week the hacker had control, more than $1 million was plundered from the governance system.
The Tornado Cash protocol, an OFAC-sanctioned mixer that helps obscure crypto transactions, was created by a decentralized autonomous organization that pays for its upkeep and development. After the DAO was exploited through a malicious governance proposal, the hacker created more than 1 million fake votes and took over the governance system. As of Friday, about 470,000 TORN tokens had been sold and swapped for ETH. In total, the hacker has deposited 572 ETH into Tornado Cash for laundering, Ronghui Gu, cofounder of blockchain security and auditing firm CertiK, told Fortune.
Although the protocol itself was not immediately damaged by the hack, Tornado Cash could fall into disrepair and stop developing while the hacker still controls many of the DAO’s funds, said Gu, who added that this type of hack is becoming increasingly common. DAOs should have third-party audits of their code to help prevent hostile takeovers, Gu continued, but there is a drawback: auditing every proposal slows down voting, which in turn slows down implementation. It’s also expensive.
“The auditing process for proposals, we believe is necessary,” Gu said. “But we currently, definitely do not have such a thing as a practice in the industry.”
The exploiter’s bid to give back control is rare, but not unheard of. Because the hacker has already drained a significant portion of the DAO’s funds, they likely don’t care about the governance system itself. In the past, hackers have been convinced to return a large portion of stolen funds if they can still keep a cut, as was the case in March, when a hacker returned more than $1 million to Tender.fi and kept a $97,000 bounty. In another case earlier this year, a team of law enforcement figures and lawyers pressured a Russian hacker to return $200 million to Euler Finance.
It’s unclear whether this hacker will return any stolen tokens.
After a 50% plummet to $3.60 following the hack, TORN has rebounded a bit, trading at $4.17 on Friday afternoon, according to CoinMarketCap. The token still was down almost 3% over the past 24 hours as investors weighed the governance system’s uncertain future.
This story was originally featured on Fortune.com