According to Shenzhen TechFlow, Tornado Cash developers issued a scam warning to cryptocurrency users who deposited through the IPFS gateway between January 1 and February 24. The developers suspect that an exploit may have "leaked" Tornado Cash deposits to a server they control during this period.
According to the developers, the above deposit leak appears to only apply to Tornado Cash’s IPFS deployment. It is considered "safe" for users to interact with the contract using the local interface, as submitted changes can be "easily reviewed".