$1.58 Million Vanishes in Minutes: How a Tiny Token’s Governance Was Hijacked

A low-cap token’s weak safeguards enabled a swift takeover that exposed ongoing risks in DeFi voting systems.

Blockchain security firms today reported a $1.58 million exploit on Token of Power ($TOP), where an attacker seized governance control, minted billions of tokens, and drained liquidity from a Balancer V1 pool.

How the Attack Happened

An address funded through Tornado Cash acquired over 50% of $TOP voting power due to the token’s limited supply and low valuation.

Using an Aragon DAO setup with MiniMeToken, the attacker held more than half of the 16,384 total TOP supply.

In a single transaction, they created, voted on, and executed a malicious proposal. This triggered the TokenManager to mint 10 billion TOP directly to the attacker’s contract.

The newly created tokens were then swapped for 944.2 WETH (approximately $1.585 million) in the TOP/WETH Balancer V1 pool, depleting its liquidity.

🚨ALERT🚨Our system has detected a suspicious transaction involving Token of Power ($TOP), resulting in losses of approximately $1.58 million.An address funded through @TornadoCash executed a malicious transaction that drained funds from the TOP/WETH Balancer V1 Pool.The… pic.twitter.com/ewpQTmDA8s

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) June 9, 2026

Follow us on X to get the latest news as it happens

Security Warnings Issued

BlockSec Phalcon detailed the mechanics and urged immediate reviews:

“Projects using similar Lido/Aragon governance implementations should carefully review their voting power distribution, quorum/pass thresholds, mint permissions, and related governance safeguards.”

The stolen funds were routed back through Tornado Cash, complicating recovery efforts. No losses occurred to Balancer’s core protocol.

Market Context and Investor Impact

This exploit adds to 2026’s pattern of governance attacks on smaller DeFi projects, where low liquidity and lax parameters make takeovers affordable.

While major protocols have strengthened defenses with timelocks and higher quorums, many emerging tokens remain exposed.

Investors in low-cap tokens and liquidity providers should verify governance parameters, monitor large token accumulations, and avoid unvetted pools.

Projects on similar stacks will likely face increased scrutiny and calls for upgrades.

For the broader ecosystem, the event serves as a timely reminder: strong governance design remains essential to protect user funds in an era of sophisticated, low-cost attacks.

Stay vigilant and prioritize audited, battle-tested parameters.