Token of Power Loses $1.58M in Governance Exploit via Aragon DAO


Token of Power protocol was exploited for approximately $1.58 million in WETH through a governance takeover, according to blockchain intelligence firm TRM Labs. The attacker exploited a weakness in the protocol's Aragon DAO setup: the absence of a timelock that allowed proposing, voting on, and executing a malicious governance action in a single block. The exploit highlights how governance design parameters can become direct security vulnerabilities in DeFi protocols when voting power can be quickly acquired and executed without delay mechanisms.

Attacker Exploited Aragon DAO Governance Without Timelock

According to TRM Labs' analysis, the attacker funded the operation with 662 ETH withdrawn from Tornado Cash. The attacker then purchased enough TOP tokens to gain majority voting power in the protocol's governance system. With voting control secured, the attacker minted 10 billion new TOP tokens and swapped those tokens for WETH through a Balancer pool. The stolen funds were subsequently routed back through Tornado Cash.

The attack succeeded because Token of Power's Aragon DAO governance lacked a timelock mechanism. This absence allowed the attacker to propose, vote on, and execute the malicious governance action within a single block, leaving no opportunity for protocol defenders or users to intervene.

Tornado Cash Used for Funding and Routing, Not Itself Compromised

TRM Labs' report clarifies that Tornado Cash served as a tool for funding the attack and routing the stolen assets. Tornado Cash itself was not hacked or exploited in this incident. The mixer was used by the attacker to obscure the origin of the initial 662 ETH and to launder the stolen WETH after the governance exploit was executed.

Governance Design Flaws Create Security Vulnerabilities

Timelocks are governance mechanisms designed to introduce mandatory delays between proposal approval and execution. These delays give protocol users, developers, and security teams time to detect and respond to malicious proposals before they become irreversible.

Without a timelock, a hostile actor who acquires sufficient voting power can immediately execute governance changes that drain treasury funds, mint tokens, or alter protocol parameters. The Token of Power exploit demonstrates how governance configurations can function as attack surfaces when proper safeguards are absent.
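To make the difference concrete, here is a small Python model of a token-weighted DAO vote, added here as an illustration; it is not Token of Power's, Aragon's or TRM Labs' code, and the names (`Dao`, `propose`, `vote`, `execute`, `flag_fast_executions`) and the balances and event log are constructed for the example. With `timelock_blocks=0` a holder of a freshly bought majority can propose, vote and execute in one block; with a non-zero delay the execution call fails until the delay has elapsed, which is the window defenders need. The last function shows a simple monitoring check over constructed proposal events: flag any proposal that was executed within a given number of blocks of its creation.

```python
"""Token-weighted DAO vote with an optional timelock, plus a same-block
execution detector. Added example; not the protocol's or Aragon's code."""
from dataclasses import dataclass, field
from typing import Optional


class GovernanceError(Exception):
    pass


@dataclass
class Proposal:
    action: str
    created_block: int
    votes_for: int = 0
    approved_block: Optional[int] = None
    executed: bool = False
    voters: set = field(default_factory=set)


@dataclass
class Dao:
    balances: dict           # token balance == voting power (constructed values)
    timelock_blocks: int     # 0 models the missing timelock described above
    block: int = 0
    proposals: list = field(default_factory=list)

    def total_supply(self) -> int:
        return sum(self.balances.values())

    def propose(self, action: str) -> int:
        self.proposals.append(Proposal(action, self.block))
        return len(self.proposals) - 1

    def vote(self, voter: str, pid: int) -> None:
        p = self.proposals[pid]
        if voter in p.voters:
            raise GovernanceError("already voted")
        p.voters.add(voter)
        p.votes_for += self.balances.get(voter, 0)
        # Simple majority of supply approves; record the block of approval.
        if p.approved_block is None and p.votes_for * 2 > self.total_supply():
            p.approved_block = self.block

    def execute(self, pid: int) -> str:
        p = self.proposals[pid]
        if p.approved_block is None:
            raise GovernanceError("proposal not approved")
        if p.executed:
            raise GovernanceError("already executed")
        earliest = p.approved_block + self.timelock_blocks
        if self.block < earliest:
            raise GovernanceError(f"timelock: executable at block {earliest}")
        p.executed = True
        return p.action


def hostile_takeover(timelock_blocks: int) -> dict:
    """Attacker with a bought 60% majority tries to propose, vote and execute
    in the same block, then again after the delay. Returns what succeeded."""
    dao = Dao(balances={"existing_holders": 40, "attacker": 60},
              timelock_blocks=timelock_blocks)
    pid = dao.propose("mint_tokens")
    dao.vote("attacker", pid)
    result = {"same_block": True, "after_delay": True, "error": ""}
    try:
        dao.execute(pid)
    except GovernanceError as e:
        result["same_block"] = False
        result["error"] = str(e)
        dao.block += timelock_blocks      # the window in which defenders can act
        dao.execute(pid)                  # proposal is delayed, not blocked
    return result


# Constructed (kind, block, proposal_id) events, not real Aragon logs.
SAMPLE_EVENTS = [
    ("ProposalCreated", 100, 6), ("VoteCast", 105, 6), ("ProposalExecuted", 160, 6),
    ("ProposalCreated", 200, 7), ("VoteCast", 200, 7), ("ProposalExecuted", 200, 7),
]


def flag_fast_executions(events, max_blocks: int = 0) -> list:
    """Proposal ids executed within `max_blocks` blocks of their creation."""
    created, flagged = {}, []
    for kind, block, pid in events:
        if kind == "ProposalCreated":
            created[pid] = block
        elif kind == "ProposalExecuted" and pid in created:
            if block - created[pid] <= max_blocks:
                flagged.append(pid)
    return flagged


if __name__ == "__main__":
    print("no timelock:", hostile_takeover(0))
    print("timelock 100 blocks:", hostile_takeover(100))
    print("same-block executions:", flag_fast_executions(SAMPLE_EVENTS))
```

The model deliberately keeps the timelock as a delay rather than a veto: the same proposal still executes once the delay has passed, so a timelock only helps if someone is actually watching the proposal queue and can act (exit positions, pause the contract, rally opposing votes) inside that window. The event check is the kind of alert a monitoring team would pair with it.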

TRM Labs' on-chain security report provides the technical details of the exploit. The report is available through TRM Labs' official resources.

FAQ

What happened in the Token of Power exploit?

Token of Power protocol was exploited for approximately $1.58 million in WETH through a governance takeover. The attacker exploited the absence of a timelock in the protocol's Aragon DAO setup, allowing them to propose, vote on, and execute a malicious action in a single block after acquiring majority voting power with purchased TOP tokens.

How did the attacker fund and execute the Token of Power governance exploit?

The attacker withdrew 662 ETH from Tornado Cash, purchased enough TOP tokens to control governance voting, minted 10 billion new TOP tokens, swapped them for WETH through a Balancer pool, and routed the stolen funds back through Tornado Cash. TRM Labs clarifies that Tornado Cash was used as a tool for funding and laundering but was not itself compromised.

Why do timelocks matter in DeFi governance?

Timelocks introduce mandatory delays between governance proposal approval and execution, giving users and security teams time to detect and respond to malicious proposals. Without timelocks, attackers who acquire voting power can immediately execute changes that drain funds or alter protocol parameters before anyone can intervene, as demonstrated in the Token of Power exploit.
