Best crypto insights delivered straight to your inbox.
Attacker cleans out $1.6M from Token of Power (TOP) in Aragon DAO exploit
- An attacker exploited a DAO governance flaw to mint tokens and drain 944 WETH ($1.58 million) from a Balancer liquidity pool.
- By controlling just over 50% of TOP’s token supply, the attacker could pass and execute proposals unilaterally.
- The absence of a timelock allowed proposal creation, approval, and execution in a single transaction.
An attacker has exploited a governance misconfiguration in the Token of Power (TOP) Aragon DAO.
They reportedly used majority voting power to mint tokens and drain roughly 944 WETH, which is worth around $1.58 million, from a Balancer V1 liquidity pool on Ethereum.
Various blockchain security firms flagged the incident, relying on the effective vector, which showed that TOP’s total token supply was just 16,384 tokens, and the attacker held slightly more than half of them.
How did the TOP token exploit work?
TOP is a MiniMeToken governed through Aragon’s voting infrastructure. According to Blockaid’s analysis, the attacker accumulated 8,192.000001 TOP, and this was more than enough to help them to clear the 50% threshold needed to pass governance proposals unilaterally.
As a result of the Aragon Voting app on TOP’s DAO having no timelock, the attacker was able to create a proposal, vote it through, and execute it within a single transaction.
BlockSec Phalcon confirmed that the passed proposal minted a large quantity of new TOP tokens to the attacker’s address. The attacker then used those freshly minted tokens to drain the TOP/WETH Balancer V1 BPool, extracting 944.2 WETH.
It was noted that Balancer’s protocol was not itself vulnerable. The pool was simply the place where the attacker converted inflated TOP holdings into WETH.
How did the attacker move the funds?
The attacker’s wallet, 0xff8eF7bC455a57e5893232203052Ce0232b39Fa2, was funded through Tornado Cash. The exploit was executed in a single transaction through a dedicated contract, per Blockaid’s on-chain breakdown.
A textbook governance-takeover scenario
The root cause of the exploit was not a smart contract bug in the traditional sense. TOP’s token has a relatively small supply and low market capitalization, which made acquiring a controlling stake cheap.
When that was combined with Aragon’s voting configuration, which allows same-block proposal creation, voting, and execution, the attacker faced no major barrier between gaining majority power and draining funds.
Aragon’s own documentation on DAO security highlights access controls and the importance of restricting who can call sensitive functions on smart contracts.
In that same documentation, the organization stated that onchain functions are accessible by all by default and that authorized access “must be restricted to authorized addresses” when token minting or fund movements are involved.
However, TOP’s configuration did not enforce a timelock or quorum delay that could have given other token holders time to react.
What to watch
Neither the Token of Power team nor Aragon has issued any statement concerning the exploit as of publication.
While the stolen WETH is still traceable onchain, the Tornado Cash funding of the attacker’s wallet complicates recovery prospects. The incident is a reminder that governance parameters (timelocks, quorum thresholds, proposal delays) are not optional safety features for low-supply tokens with meaningful treasury exposure.
The smartest crypto minds already read our newsletter. Want in? Join them.
FAQs
How did the attacker exploit Token of Power?
The attacker acquired more than 50% of TOP's 16,384-token supply, then used Aragon's voting app to create, approve, and execute a governance proposal in a single transaction that minted new TOP tokens to their address, which were swapped for 944.2 WETH from a Balancer V1 pool.
Was Balancer's protocol compromised in the attack?
No. Blockaid confirmed that the Balancer protocol itself was not the source of the vulnerability. The attacker used the TOP/WETH Balancer V1 BPool only as the exit point to convert minted tokens into WETH.
How much was stolen and can the funds be recovered?
Approximately $1.58 million in WETH was drained. Recovery is complicated by the fact that the attacker's wallet was funded through Tornado Cash, the sanctioned mixing protocol.
Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
Hannah Collymore
Hannah is a writer and editor with nearly a decade of blog writing and event reporting experience in the crypto space. At Cryptopolitan, Hannah contributes to the news page, reporting and analyzing the latest developments in DeFi, RWA, crypto regulation, AI and frontier tech industries. She graduated from Arcadia university with a degree in Business Administration.
CRASH COURSE
- Which cryptocurrencies can make you money
- How to boost your security with a wallet (and which ones are actually worth using)
- Little-known investment strategies that the pros use
- How to get started investing in crypto (which exchanges to use, the best crypto to buy etc)