“The attacker posted a new proposal to restore the state of governance," user Tornadosaurus-Hex wrote in the Tornado Cash community forum, adding that there is a "good chance" that the attacker would execute it.
Tornadosaurus-Hex said that the attacker is reverting the Torn tokens they gave themself – which gave them a controlling share of the governance votes – back to zero.
Given the attacker's holdings of TORN governance tokens, the proposal looks as though it will pass when voting closes on May 26, though it's unclear when the action will be executed. When the proposal passes, the malicious code that the attacker integrated into the protocol, which allowed them to steal voting power from others, will be removed, and the governance of Tornado Cash's DAO will go back to token holders.
As a result, TORN was up as much as 10%, according to CoinGecko data, before settling back down.
0xdeadf4ce, an active member of the TORN community, pointed out that this might all be a “gigatroll” to depress the price of the token to increase their holdings at a discount.
“We don’t even have a choice in regards to this proposal, but it is still important nonetheless,” Tornadosaurus-Hex added.
Structural attacks on DAOs and DeFi protocols, which differ from hacks where the attacker breaks code instead of exploiting it, have resulted in charges, but the attacker behind this exploit is likely counting on the fact that Tornado Cash was recently designated as a sanctioned entity.