Search the site
Press ESC to close
LIVE
Loading...
Updating...

Tornado Cash DAO Faces Potential Threat Over $12 Million Risk

Sophie Chastain
Fact-checked
2 min read
338 words
Share

A researcher from the L2BEAT platform has issued a critical warning regarding a suspicious governance proposal submitted to the Tornado Cash DAO on June 25, 2026. The proposal involves an unverified target contract, a significant departure from standard protocol, which experts believe could lead to the misappropriation of community funds. While the primary privacy-preserving liquidity pools remain unaffected, the DAO’s treasury, holding approximately $12.4 million in TORN tokens, is reportedly at risk if the malicious code is executed.

Unverified Contract Raises Security Alarms

The threat was identified by researcher @sergeyshemyakov, who noted that the proposal’s target contract lacks verification on blockchain explorers. This lack of transparency is highly unusual for the decentralized mixer's governance process. Investigation into the proponent's history revealed that the creator’s address was funded just four days prior to the submission via Railgun, a private decentralized finance (DeFi) protocol.

  • Submission Date: June 25, 2026
  • Funding Source: Railgun privacy protocol
  • Risk Mechanism: Potential "delegatecall" vulnerability
  • Asset at Risk: TORN tokens held in the DAO treasury

Technical Implications of the Delegatecall

If the proposal reaches the required quorum and is executed, the Tornado Cash governance contract will perform a delegatecall to the unverified target contract. In Ethereum-based smart contracts, a delegatecall allows the target contract to execute code in the context of the caller's state, essentially giving the malicious contract full control over the DAO’s permissions and assets. This specific function is often utilized in governance exploits to bypass security hurdles and drain communal treasories.

"The Tornado Cash fund pool itself is secure, but this proposal could directly target the Tornado Cash DAO, which currently holds approximately $12 million worth of TORN tokens", stated Sergeyshemyakov.

The current situation highlights the ongoing vulnerabilities within decentralized autonomous organizations (DAOs) when governance participants fail to scrutinize unverified code. While the privacy-mixing functionality of the blockchain protocol remains structurally sound, the TORN token holders are urged to exercise extreme caution and reject the proposal to prevent a massive capital flight from the ecosystem.

Frequently Asked Questions

Quick answers to the most common questions about this topic.