
Attacker Mints 10 Billion TOP Tokens Through Governance Takeover, Drains $1.58M from Balancer Pool

An attacker exploited a governance misconfiguration in Token of Power's Aragon DAO on Tuesday to mint 10 billion TOP tokens via a malicious governance proposal, then swapped the newly minted TOP for 944.2 WETH worth roughly $1.58 million.

Security firm Blockaid identified the incident as a governance-takeover attack rather than a smart-contract coding flaw. The attacker first spent approximately 662 ETH, withdrawn from Tornado Cash, to acquire roughly 8,192 TOP tokens, just over half of the protocol's total supply of 16,384, which gave them an outright voting majority in the DAO. With that stake in hand, they submitted a governance proposal to mint 10 billion new tokens directly to an attacker-controlled contract.

The Aragon Voting app had no timelock, allowing the attacker to create the proposal, vote it through, and execute it in a single transaction. PeckShield confirmed the attacker then deposited 945.1 ETH into Tornado Cash after the drain.

Governance System

The root vulnerability was architectural. Token of Power ran on an Aragon DAO using a MiniMeToken-based governance contract, infrastructure widely adopted during earlier phases of Ethereum's DAO ecosystem. Blockaid noted the Aragon Voting app permitted proposal creation, vote-casting, and execution in a single atomic transaction because no timelock gated any of those steps.

That gap eliminated the window a community would normally need to detect and cancel a malicious proposal. With majority control already secured through the initial token purchase, the proposal passed the moment it was submitted.
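The flow described above, as an added example that is not code from The Defiant, Aragon or Token of Power: a minimal Python model of an Aragon-style token vote in which support is measured against total voting power, so a strict-majority holder can create, pass and execute a proposal in the block that creates it when no timelock gates execution. The balances, block numbers, the 50% support rule and the `VotingApp` / `single_tx_takeover` names are assumptions made for illustration; only the 16,384 total supply comes from the article.

```python
# Added example (not The Defiant's, Aragon's or Token of Power's code): a minimal model of an
# Aragon-style token vote, showing why a majority holder can create, pass and execute a proposal
# in one transaction when nothing delays execution, and what a timelock changes.
# Balances, block numbers and the 50% support rule are assumptions for illustration.

from dataclasses import dataclass, field

TOTAL_SUPPLY = 16_384          # TOP supply reported in the article
SUPPORT_REQUIRED_PCT = 50      # assumed: "yea" must exceed 50% of total voting power to execute early


@dataclass
class Vote:
    action: str
    created_at: int
    yea: int = 0
    executed: bool = False


@dataclass
class VotingApp:
    balances: dict                 # holder -> governance token balance (assumed snapshot at vote creation)
    timelock_blocks: int = 0       # 0 reproduces the configuration the article describes
    votes: list = field(default_factory=list)

    def total_voting_power(self):
        return sum(self.balances.values())

    def new_vote(self, action, block):
        vote = Vote(action=action, created_at=block)
        self.votes.append(vote)
        return vote

    def cast_yea(self, voter, vote):
        vote.yea += self.balances[voter]

    def can_execute(self, vote, block):
        if vote.executed:
            return False
        # Early execution: support is measured against all voting power, not just votes cast,
        # so a strict-majority holder satisfies the threshold the moment they vote.
        if vote.yea * 100 <= self.total_voting_power() * SUPPORT_REQUIRED_PCT:
            return False
        # A timelock forces a delay between creation and execution; with 0 this is a no-op.
        return block >= vote.created_at + self.timelock_blocks

    def execute(self, vote, block):
        if not self.can_execute(vote, block):
            return None
        vote.executed = True
        return vote.action


def single_tx_takeover(attacker_balance, timelock_blocks=0, block=1_000):
    """Attacker creates, votes for and tries to execute a mint proposal within one block.
    Returns the executed action, or None if execution was blocked."""
    community = TOTAL_SUPPLY - attacker_balance
    app = VotingApp({"attacker": attacker_balance, "community": community}, timelock_blocks)
    vote = app.new_vote("mint 10_000_000_000 TOP to attacker contract", block)
    app.cast_yea("attacker", vote)
    return app.execute(vote, block)


if __name__ == "__main__":
    print(single_tx_takeover(8_193))           # executes immediately: no timelock
    print(single_tx_takeover(8_192))           # exactly half is not a strict majority
    print(single_tx_takeover(8_193, 7_200))    # blocked in the creating block by the timelock
```

A timelock does not stop a majority holder; it only separates passing from executing. If nobody cancels or exits in the meantime, the same vote executes once `timelock_blocks` have elapsed, which is why the delay is valuable only when a community is watching and has a way to respond.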

CertiK separately reported the same attack path. The newly minted 10 billion TOP tokens were swapped into the existing TOP/WETH Balancer V1 pool, which operated on a 50/50 weighting between the two assets. A weighted pool prices every swap purely from its own reserves and has no notion of a token's legitimate supply, so flooding it with freshly minted TOP against a fixed reserve of real WETH walked the TOP price to almost nothing and let the attacker extract 944.2 WETH.
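The pool arithmetic behind that exit, as an added example rather than code from The Defiant or from Balancer: the Balancer weighted-pool swap formula, with a 50/50 weighting reducing it to constant product. The reserves used below (2,000 TOP against 950 WETH) are constructed, since the article does not give the pool's balances; the cap on single-swap input size that `drain_pool` respects is Balancer V1's `MAX_IN_RATIO` of one half, which is why a drain of this size is a chain of swaps rather than one, and the example shows that with no swap fee the chaining changes nothing about the total extracted.

```python
# Added example (not The Defiant's or Balancer's code): Balancer V1 weighted-pool swap math,
# used to show why a 50/50 TOP/WETH pool cannot resist a flood of freshly minted TOP.
# The reserves below are constructed for illustration; the real pool's balances are not in the article.

MAX_IN_RATIO = 0.5   # Balancer V1 rejects a single swap whose input exceeds half the in-token balance


def calc_out_given_in(balance_in, weight_in, balance_out, weight_out, amount_in, swap_fee=0.0):
    """Weighted-pool formula: out = Bo * (1 - (Bi / (Bi + Ai * (1 - fee))) ** (Wi / Wo)).
    With equal weights the exponent is 1 and this is plain constant product."""
    adjusted_in = amount_in * (1.0 - swap_fee)
    ratio = balance_in / (balance_in + adjusted_in)
    return balance_out * (1.0 - ratio ** (weight_in / weight_out))


def spot_price(balance_in, weight_in, balance_out, weight_out, swap_fee=0.0):
    """Balancer's spot price: in-tokens paid per out-token at the margin, before a trade moves it."""
    return (balance_in / weight_in) / (balance_out / weight_out) / (1.0 - swap_fee)


def drain_pool(balance_in, balance_out, amount_in, weight_in=0.5, weight_out=0.5, swap_fee=0.0):
    """Sell amount_in into the pool as a chain of swaps that each respect MAX_IN_RATIO.
    Returns (total_out, number_of_swaps, final_balance_in, final_balance_out)."""
    total_out = 0.0
    swaps = 0
    remaining = amount_in
    while remaining > 0:
        chunk = min(remaining, balance_in * MAX_IN_RATIO)
        out = calc_out_given_in(balance_in, weight_in, balance_out, weight_out, chunk, swap_fee)
        balance_in += chunk
        balance_out -= out
        total_out += out
        remaining -= chunk
        swaps += 1
    return total_out, swaps, balance_in, balance_out


def demo(top_reserve=2_000.0, weth_reserve=950.0, minted=10_000_000_000.0):
    """Constructed scenario: an honest 100 TOP sale next to a dump of the whole minted supply."""
    honest_out = calc_out_given_in(top_reserve, 0.5, weth_reserve, 0.5, 100.0)
    dump_total, swaps, _, weth_left = drain_pool(top_reserve, weth_reserve, minted)
    return {
        "spot_top_per_weth": spot_price(top_reserve, 0.5, weth_reserve, 0.5),
        "weth_for_100_top": honest_out,
        "weth_drained": dump_total,
        "swaps_needed": swaps,
        "weth_left_in_pool": weth_left,
        "fraction_drained": dump_total / weth_reserve,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The fraction drained depends only on the ratio of minted tokens to the pool's TOP reserve, not on how much WETH the pool holds: with ten billion TOP against a few thousand, the pool keeps a rounding error of its WETH however the swaps are split. A swap fee makes chained swaps marginally worse for the attacker, but not enough to matter at this ratio.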

Token of Power is associated with "The Mask of Power" DAO and built TOP around collective governance of a specific MetaMask NFT. Balancer itself was not the vulnerable surface: the attack targeted the protocol's governance layer and used the Balancer pool only as the exit route.
