Contactez-nous Suivez-nous sur Twitter En francais English Language

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Checkmarx: Tornado Cash Theft Uncovered: Malicious Code Drains Funds for Months

February 2024 by Yehuda Gelb, Security Researcher at Checkmarx

Yehuda Gelb, security researcher at
Checkmarx, that highlights the persistent challenges in ensuring safety
and trust in decentralized financial platforms.

The Tornado Cash open source project was recently compromised with
malicious JavaScript code inserted by a developer, impacting users who
made transactions via the platform since Jan 1st.

This compromise, discovered by Security researcher Gas404, brings to
light serious concerns about the safety of such platforms and
trustworthiness of developers.

Checkmarx advises:

- That we cannot assume open-source projects are immune from
malicious activities, noting how attackers can leverage supply chain
attacks to compromise networks.

- The importance of thorough security audits, vetting of code
and contributions, even from seemingly trustworthy sources, and the need
to protect against supply chain vulnerabilities.

- A user reminder to be vigilant about the platforms they use
and to understand the associated risks.

Please feel free to use/reference the Checkmarx piece for any pieces you
may be writing around this topic. Do let us know if you have any

See previous articles


See next articles

Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55

All new podcasts