Attacker Hijacks TOP Governance, Drains $1.58M from Balancer
An address funded through Tornado Cash seized majority control of Token of Power (TOP) governance on June 9, minted 10 billion TOP and swapped them for 944.2 WETH (~$1.58M) from a Balancer V1 pool.
An attacker funded via Tornado Cash gained majority governance control of Token of Power (TOP), minted 10 billion TOP and drained liquidity from the TOP/WETH Balancer V1 pool. The attacker swapped the newly minted tokens for 944.2 WETH, about $1.58 million, exhausting the pool’s liquidity.
On June 9 an address acquired more than 50% of TOP voting power by accumulating a large share of the token’s limited supply. TOP has a total supply of 16,384 tokens. With majority control the address created, voted on and executed a single malicious proposal in one transaction. The proposal invoked the TokenManager, which minted 10 billion TOP directly to the attacker’s contract; those tokens were then sold in the Balancer V1 pool for 944.2 WETH.
Blockchain security firms traced the attacker’s funding and the routing of proceeds through Tornado Cash, complicating recovery efforts. Balancer’s core protocol was not compromised; the exploit relied on governance permissions in the TOP project and on concentrated liquidity in its specific Balancer V1 pool. Monitoring services detected the suspicious transaction and the resulting outflow from the TOP/WETH pool shortly after execution.
BlockSec Phalcon published a technical breakdown and recommended that projects using similar governance stacks review their parameters. BlockSec Phalcon wrote, “Projects using similar Lido/Aragon governance implementations should carefully review their voting power distribution, quorum/pass thresholds, mint permissions, and related governance safeguards.” The firm urged projects using Aragon’s MiniMeToken and TokenManager patterns to check mint permissions and vote-execution paths.
The incident follows other governance takeovers in 2026 that targeted smaller decentralized finance projects where low token supply, low valuation and concentrated holdings allowed majority control to be purchased at low cost. Some larger protocols have adopted timelocks, higher quorum requirements and stricter mint controls to limit single-wallet governance takeovers. Security firms and monitoring services recommended that investors and liquidity providers inspect governance documents, verify timelocks and explicit mint restrictions, and monitor large token accumulation. Projects using Aragon or similar frameworks were advised to consider adjusting quorum and pass thresholds, revoking broad mint permissions or requiring multi-step proposal execution to reduce the risk of single-transaction governance actions.
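The review recommended above (voting power distribution, pass thresholds, execution delay, mint permissions) can be expressed as a small audit check. This is an added example, not code from BlockSec, Aragon or the TOP project; the `GovConfig` fields, finding labels, holder balances and the strict "greater than" threshold rule are assumptions made for illustration, and only the 16,384 supply comes from the article.

```python
from dataclasses import dataclass
from fractions import Fraction
from typing import Optional

@dataclass
class GovConfig:                # hypothetical model, not a real framework's schema
    total_supply: int           # voting-token supply (16,384 for TOP, per the article)
    support_required: Fraction  # share of voting power a proposal must exceed
    early_execution: bool       # proposal may execute as soon as the outcome is decided
    timelock_seconds: int       # enforced delay between passing and execution
    voting_can_mint: bool       # a passed vote can reach the token mint function
    mint_cap: Optional[int]     # maximum mint per proposal; None means unlimited

def holders_needed(cfg, balances):
    """Fewest holders whose combined balance strictly exceeds the threshold."""
    threshold = cfg.support_required * cfg.total_supply
    held = 0
    for count, bal in enumerate(sorted(balances.values(), reverse=True), start=1):
        held += bal
        if held > threshold:  # assumed strict rule: exactly 50% does not pass
            return count
    return None  # listed holders cannot reach the threshold together

def audit(cfg, balances):
    """Return the governance weaknesses named in the article that apply."""
    findings = []
    if holders_needed(cfg, balances) == 1:
        findings.append("single-holder-majority")
    if cfg.early_execution and cfg.timelock_seconds == 0:
        findings.append("same-transaction-execution")
    if cfg.voting_can_mint and cfg.mint_cap is None:
        findings.append("uncapped-mint-via-governance")
    return findings

# Constructed sample data: balances are invented and sum to the 16,384 supply.
BALANCES = {"holder_a": 8500, "holder_b": 3000, "holder_c": 2500, "holder_d": 2384}
WEAK = GovConfig(16384, Fraction(1, 2), True, 0, True, None)
HARDENED = GovConfig(16384, Fraction(1, 2), False, 172800, True, 1000)

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg, BALANCES))
```

The hardened configuration still reports the concentrated holding, since a timelock and a mint cap limit what a majority holder can do quickly but do not change the token distribution.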








