Inside the Governance Hack of Tornado Cash
Too Long; Didn't Read
The attacker mainly used CREATE, CREATE2, and selfdestruct to exploit the governance. They submitted a proposal contract that appeared identical to a previously passed proposal, except that it included a selfdestruct function that went unnoticed. After the proposal was accepted, the attacker destroyed the proposal contract and deployed a malicious contract at the same address. Because governance had already accepted that address, the attacker gained full control of the governance contract.
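A reviewer can catch the unnoticed selfdestruct by scanning a proposal's runtime bytecode before it goes to a vote. The following is an added example, not code from the original article or from Tornado Cash; the function names and the sample bytecode are constructed for illustration.

```python
"""Flag SELFDESTRUCT instructions in a proposal's runtime bytecode."""

SELFDESTRUCT = 0xFF
PUSH1, PUSH32 = 0x60, 0x7F

# Constructed samples (hypothetical, not taken from any real contract):
# PUSH1 0xff, PUSH1 0x00, MSTORE, STOP -> 0xff appears only as push data
BENIGN = "0x60ff60005200"
# PUSH1 0x00, CALLDATALOAD, POP, CALLER, SELFDESTRUCT
DESTRUCTIBLE = "0x6000355033ff"


def find_selfdestruct(runtime_code: bytes) -> list[int]:
    """Return byte offsets where SELFDESTRUCT occurs as an instruction.

    Linear sweep: PUSH1..PUSH32 carry 1..32 bytes of immediate data, which
    are skipped so a literal 0xff inside a constant is not reported.
    """
    hits = []
    pc = 0
    while pc < len(runtime_code):
        op = runtime_code[pc]
        if op == SELFDESTRUCT:
            hits.append(pc)
        if PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1  # skip the immediate bytes
        pc += 1
    return hits


def review_proposal(hex_code: str) -> str:
    """Summarise the scan result for a hex-encoded runtime bytecode string."""
    code = bytes.fromhex(hex_code.removeprefix("0x"))
    hits = find_selfdestruct(code)
    if hits:
        offsets = ", ".join(hex(h) for h in hits)
        return f"REVIEW: SELFDESTRUCT at offset(s) {offsets}"
    return "OK: no SELFDESTRUCT instruction found"


if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("destructible", DESTRUCTIBLE)):
        print(name, "->", review_proposal(sample))
```

The sweep also walks any data appended after the code, so a hit there needs manual confirmation, and a clean result says nothing about code the proposal reaches through other contracts.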