Vulnerability disclosure – Tornado Cash


This is the full disclosure of a vulnerability we announced earlier.

The potential leak was discovered two weeks ago and disabled immediately to prevent any future exposure.

The leak could only happen in a two-step process. First, a user had to click the “Share URL” button, which created a URL containing the user's private note, like so: https://tornado.cash/?note=tornado-eth-0.1-1-0x60f495681bc7048021bbab1301c600c8ff16fbfd3f9ebff4bd01af7d4faec1e8526f5a3642adf72f008b6531fe9e4ca76a994a807cc41455735076f8c51e. Second, if the user opened that full URL in the browser, the requests made from the page to third-party services carried the note data in the Referer HTTP header. Any of those services that logged the header therefore had access to the note data. For unspent notes this meant a possible withdrawal of funds; for spent notes it exposed the link between deposit and withdrawal.

Here’s a list of the third-party services that are utilized by Tornado.cash UI:

One of those services was our own ip.tornado.cash server. Using its logs we were able to recreate the list of notes that got exposed. There were 98 notes in total, 12 of which were unspent. At the moment of publishing this post, there are only 7 unspent notes left totaling 2.5 ETH.
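The log-driven reconstruction described above can be reproduced with a small scanner. The following is an added example, not Tornado Cash code: it assumes the server writes the common Apache/nginx "combined" log format and that the secret travels as a `note` query parameter exactly as in the Share URL shown earlier. The log lines are constructed, and the note values in them are placeholders. It also encodes the check a defender wants for the fix: browsers strip the URL fragment before sending Referer, so a secret carried after `#` (or any request sent under a `Referrer-Policy: no-referrer` header) would not have leaked, whereas one in the query string does.

```python
"""Scan web-server access logs for secrets leaked through the Referer header.

Added example (not Tornado Cash code). Assumes the "combined" log format and
that the secret is a `note` query parameter, as in the disclosed Share URL.
All log lines and note values below are constructed placeholders.
"""
from __future__ import annotations

import re
from urllib.parse import parse_qs, urlsplit

# Combined log format: ip - user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: two leaking requests for one note, one for another,
# one request with a clean referer, and one with no referer at all.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2019:13:55:36 +0000] "GET /ip HTTP/1.1" 200 42 "https://tornado.cash/?note=tornado-eth-0.1-1-0xAAAA1111" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2019:13:55:37 +0000] "GET /ip HTTP/1.1" 200 42 "https://tornado.cash/" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2019:14:02:01 +0000] "GET /ip HTTP/1.1" 200 42 "https://tornado.cash/?note=tornado-eth-0.1-1-0xBBBB2222&x=1" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2019:14:02:05 +0000] "GET /ip HTTP/1.1" 200 42 "-" "curl/7.64"
203.0.113.7 - - [10/Oct/2019:15:00:00 +0000] "GET /ip HTTP/1.1" 200 42 "https://tornado.cash/?note=tornado-eth-0.1-1-0xAAAA1111" "Mozilla/5.0"
"""


def notes_in_referer(referer: str) -> list[str]:
    """Return every `note` value carried in the query string of a Referer URL."""
    if not referer or referer == "-":
        return []
    parts = urlsplit(referer)
    # Browsers drop the fragment before sending Referer, so a secret placed
    # after '#' never reaches the third party; only the query string leaks.
    return parse_qs(parts.query).get("note", [])


def redact(note: str) -> str:
    """Keep the human-readable prefix of a note, hide most of the secret part."""
    head, sep, secret = note.rpartition("-")
    return f"{head}{sep}{secret[:6]}…" if sep else note[:6] + "…"


def scan_log(text: str) -> dict[str, int]:
    """Map each distinct leaked note to the number of requests that exposed it."""
    seen: dict[str, int] = {}
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        for note in notes_in_referer(m.group("referer")):
            seen[note] = seen.get(note, 0) + 1
    return seen


if __name__ == "__main__":
    leaked = scan_log(SAMPLE_LOG)
    print(f"{len(leaked)} distinct note(s) exposed via Referer")
    for note, hits in leaked.items():
        print(f"  {redact(note)}  ({hits} request(s))")
```

Run it against a real access log by replacing `SAMPLE_LOG` with the file contents; the output is redacted on purpose so the report itself does not become a second copy of the secrets. The `notes_in_referer` check doubles as a regression test for the fix: once the share link carries the note in the fragment, the function returns nothing for it.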

We would like to reiterate that all other users, who never completed BOTH steps, were unaffected. Luckily, this exposure was limited and discovered early, and no one reported funds lost.
