Woofun AI reports that a malicious governance proposal numbered 67 appeared on the Tornado Cash DAO voting page in the early hours of June 25, 2026. The proposal, titled "Establishing a 0.5% fee rate and a 90% dynamic deflation-based token destruction mechanism," ostensibly sought to upgrade the relayer registry and adjust fee distribution while requesting 50 TORN tokens for gas compensation.
However, the associated contract had no verified source code on block explorers such as Etherscan, which showed observers only the compiled bytecode.
Researchers at L2BEAT and security expert Pascal Caversaccio dissected the unverified code and uncovered a hardcoded attacker wallet address: 0x5efda50f22d34f272c7077689d6abc42f15e285f. This address shares the first 15 characters with the legitimate governance address, 0x5efda50f22d34F262c29268506C5Fa42cB56A1Ce, creating a deceptive visual similarity intended to bypass casual scrutiny. The embedded logic aimed to replace the authorized governance address, a maneuver that would steal approximately $23 million worth of staked TORN tokens and paralyze the entire protocol.
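The check described above can be automated when a proposal ships without verified source. The following is an added example, not code from the article or from the researchers it names: it walks raw EVM bytecode, extracts every 20-byte `PUSH20` constant, and flags any that nearly match a trusted address. The bytecode sample is constructed, and the function names and the `min_prefix` threshold are assumptions.

```python
# Added example (not from the article): find look-alike addresses in raw EVM bytecode.
ATTACKER = "5efda50f22d34f272c7077689d6abc42f15e285f"    # address quoted in the article
GOVERNANCE = "5efda50f22d34F262c29268506C5Fa42cB56A1Ce"  # legitimate address quoted in the article
TRUSTED = {"governance": GOVERNANCE}

# Constructed bytecode, NOT the real proposal: PUSH1 0, PUSH20 attacker, PUSH20 governance,
# then a PUSH32 whose data starts with 0x73 to show why immediates must be skipped.
SAMPLE = "0x6000" + "73" + ATTACKER + "73" + GOVERNANCE + "7f" + "73" + "11" * 31 + "00"

def push20_constants(bytecode_hex):
    """Walk opcodes linearly and return every PUSH20 immediate as lowercase hex."""
    raw = bytecode_hex[2:] if bytecode_hex.startswith("0x") else bytecode_hex
    code = bytes.fromhex(raw)
    found, i = [], 0
    while i < len(code):
        op = code[i]
        width = op - 0x5F if 0x60 <= op <= 0x7F else 0  # PUSH1..PUSH32 data length
        data = code[i + 1:i + 1 + width]
        if op == 0x73 and len(data) == 20:               # PUSH20: address-sized constant
            found.append(data.hex())
        i += 1 + width                                   # skip the immediate bytes
    return found

def shared_prefix(a, b):
    """Number of leading hex characters two addresses share, ignoring case."""
    n = 0
    for x, y in zip(a.lower(), b.lower()):
        if x != y:
            break
        n += 1
    return n

def review(bytecode_hex, trusted=TRUSTED, min_prefix=6):
    """Classify each embedded address as an exact match or a look-alike of a trusted one."""
    findings = []
    for addr in push20_constants(bytecode_hex):
        for name, good in trusted.items():
            n = shared_prefix(addr, good)
            if addr == good.lower():
                findings.append((name, "0x" + addr, "exact", n))
            elif n >= min_prefix:                        # close but not equal: flag it
                findings.append((name, "0x" + addr, "lookalike", n))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

A linear sweep only sees addresses embedded as `PUSH20` constants; an address read from storage or assembled at runtime will not appear, so an empty result does not clear an unverified contract.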
The attacker's operational trail reveals that the malicious wallet received funds via Railgun four days prior to the proposal submission, a tactic employed to obscure the origin of the capital. Per Woofun AI, the community response was immediate and decisive, with the proposal accumulating 0 votes in favor and 27,163 votes against as of the latest count. Voting on this critical security matter is scheduled to close on June 30.
This event represents a recurrence of governance vulnerabilities, echoing a similar attack on Tornado Cash in May 2023. The incident underscores the persistent risks inherent in DAO governance models where token rights can be manipulated through unverified contract deployments. Industry observers now emphasize the necessity for users to monitor security alerts, reject unverified proposals, and delegate voting rights to trusted entities.
The broader implication points toward an urgent need for structural safeguards, specifically the implementation of time-lock mechanisms within decentralized protocols to prevent rapid, unauthorized state changes. This marks the second major governance assault on the platform in three years, signaling that code verification remains a critical failure point in decentralized finance security.