Malicious proposal leads to Tornado Cash governance hijack.

An attacker gained full control of Tornado Cash governance through a malicious proposal, allowing them to withdraw all locked votes, drain all tokens in the governance contract, and brick the router. The attack highlights the importance of vetting proposal descriptions and logic. Tornado Cash's community developer confirmed the attack and requested all members to withdraw their funds locked in governance. The team is searching for Solidity developers to help save the protocol from extinction. A former Tornado Cash developer is reportedly building a new crypto mixing service from scratch to address the critical flaw existing in Tornado Cash.