A Tornado Cash user hacked the staking contract of NFT gallery firm SuperRare today, stealing roughly $730,000 worth of RARE tokens.

Crypto security analysts Peckshield first noticed the substantial loss while Cyvers Alerts reported that the attacker had previously used crypto mixer Tornado Cash 186 days ago. 

SlowMist claims the exploit was caused by a faulty permission check in the “updateMerkleRoot function” that allowed the hacker to modify the staking contract and claim tokens for themselves. 

Read more: Roman Storm says he’s been ‘financially cancelled’ after payroll firm axe

SuperRare is an NFT art firm with multiple physical galleries in New York. The firm has generated over $328 million in trading volume since it was founded in 2018 and created the RARE token in 2021.

Shark Tank presenter Mark Cuban lost $870,000 worth of crypto, including a batch of RARE tokens, when he unknowingly downloaded a fake MetaMask wallet application that drained his wallet.  

There’s a chance that today’s exploiter will use Tornado Cash again and attempt to launder their ill-gotten gains. The crypto mixer is hailed by crypto privacy advocates for anonymising crypto transactions, but it’s also popular with hackers attempting to launder any illegally obtained crypto.

Tornado Cash is currently on trial in the US, and the case’s outcome may change free speech rights dramatically, as prosecutors seek to criminalise the individuals creating code for open-source privacy software, an action currently protected under free speech.

Protos has reached out to SuperRare for comment and will update this piece should we hear anything back.

Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Tornado Cash user hacks SuperRare staking contract, steals $730K in RARE appeared first on Protos.