A governance takeover attack allowed an exploiter to mint 10 billion TOP tokens and drain roughly $1.5m in WETH from a Balancer liquidity pool on Ethereum, according to security researchers.
Blockchain security firm Blockaid said the attacker drained 944.2 WETH, worth approximately $1.58m, from the TOP/WETH Balancer V1 pool after exploiting a governance configuration tied to the Token of Power [TOP] ecosystem.
Researchers stressed that Balancer itself was not vulnerable. Instead, the exploit targeted the protocol’s governance architecture.
Attack weaponized DAO governance
According to Blockaid and CertiK, the attacker acquired more than 50% of TOP’s token supply before executing a governance proposal that minted billions of new TOP tokens directly to the attacker-controlled contract.
The exploit reportedly relied on a misconfiguration in the Aragon DAO involving TOP’s MiniMeToken structure.
Blockaid said the governance system allowed proposal creation, voting, and execution within a single transaction because no timelock protections were in place.
That allowed the attacker to:
- gain majority voting control,
- execute a mint proposal instantly,
- create 10 billion TOP tokens,
- and dump the newly minted supply into the liquidity pool for WETH.
“The Aragon Voting app allowed create → vote → execute in a single tx with no timelock,” Blockaid said in its analysis.
CertiK separately reported that the attacker initially withdrew 662 ETH from Tornado Cash before accumulating enough TOP tokens to gain majority governance control.
Governance became the exploit vector
The incident highlights how governance systems themselves can become attack surfaces in DeFi protocols.
Unlike traditional smart contract exploits involving coding flaws or reentrancy attacks, governance takeovers weaponize administrative permissions and voting systems already embedded inside protocols.
Timelocks are commonly used in DAO systems to slow governance execution and give communities time to react to malicious proposals.
In this case, researchers say the absence of execution delays allowed the exploit to unfold instantly.
Legacy DAO infrastructure still carries risks
The exploit also highlights risks associated with older DAO governance frameworks and legacy DeFi infrastructure still operating on Ethereum.
Aragon and MiniMeToken-based governance systems were widely adopted during earlier phases of Ethereum’s DAO ecosystem. Still, some deployments may no longer reflect modern governance security standards.
The incident adds to growing scrutiny of governance security as attackers increasingly target protocol control mechanisms rather than seeking only direct smart contract vulnerabilities.
Final Summary
- An attacker exploited a governance misconfiguration to mint 10 billion TOP tokens and drain roughly $1.5m in WETH from a Balancer liquidity pool.
- Researchers said the exploit relied on an Aragon DAO setup that allowed proposal creation, voting, and execution in a single transaction without a timelock.