Token of Power

June 9, 2026 · Ethereum · Governance takeover via majority token control and uncapped mint
Total loss: $472K
Status: Confirmed

An attacker bought a bare majority of the Token of Power governance token directly from its own Balancer liquidity pool, then used that majority to mint 10 billion new TOP through a single governance vote and dumped it back into the pool. About 91 percent of the 16,384 total TOP supply sat in the pool as liquidity, so a governance majority cost only about 663 WETH to acquire. The attacker pulled 944.24 WETH out of the pool in the exploit, but had just seeded 662.86 WETH of that to buy the majority, so the real loss to liquidity providers, and the attacker's actual profit, was about 281 WETH, roughly 472 thousand dollars. Other trackers report the 944 WETH gross figure. The Balancer protocol was not at fault. The pool was only the venue, and the proceeds went to a wallet funded through Tornado Cash.

Liquidity providers in the TOP/WETH pool: drained. Pool drained from about 281 WETH of real liquidity to roughly zero. Net loss about 281 WETH (~$472K); the 944 WETH gross swap-out included the attacker's own 663 WETH acquisition seed.
TOP token holders and value: drained. Supply went from 16,384 to over 10 billion TOP, diluting holders by more than 600,000 times and collapsing the price.
The Balancer protocol and other pools: safe. Balancer itself was not exploited. The TOP/WETH pool was only the venue where the majority was bought and the minted tokens were sold.
Recovery of drained funds: unknown. Proceeds sent to the attacker wallet; operating funds were routed through Tornado Cash. No recovery announced.

What the score saw

Token of Power is not one of the protocols we publish a live safety score for, so we had no prior reading on it. The weakness here is the kind our model weighs heavily wherever it applies: a live DAO that can mint its own token without limit, governed by a freely tradeable token whose majority was sitting in a public pool. With most of a 16,384 supply held as liquidity, anyone could buy a governance majority outright, and a thirty day vote period was no protection because the system executes a vote the moment yes votes pass half of the total supply.

Exploit anatomy

There was no access bug. The attacker simply bought a governance majority on the open market. In a setup transaction (acquisition tx) one block before the attack, the attacker's contract swapped 662.86 WETH into the Balancer pool and pulled out 8,192.000001 TOP, just over half of the 16,384 total supply (about 91 percent of which sat in that pool). Then in the exploit tx the contract created a governance vote through the token manager, cast its majority as yes, and the voting app executed it immediately because the result could no longer change. The executed action minted 10,000,000,000 TOP to the contract, which dumped it back into the pool and pulled out 944.24 WETH. Since 662.86 of that was the attacker's own seed returning, the net theft and the attacker's profit were about 281 WETH. The operating wallet was funded from Tornado Cash.

Fund flow and root cause / enablers

Stage 1 · ACQUIRE
Attacker wallet (0xff8eF7bC...b39Fa2): Tornado-funded, ~99.57 ETH from the 100 ETH pool; deployed the exploit contract.
Bought majority from pool (0x0fa3e014...327329): swapped 662.86 WETH for 8,192.000001 TOP; just over 50%, ~91% of supply was in the pool.
Enabler: Governance majority was for sale. 16,384 total supply with ~91% sitting in the public Balancer pool, so a majority was an open-market buy for ~663 WETH. [governance design]
Enabler: Bare majority by design. Bought 8,192.000001, the minimum strictly above half, since the vote needs more than 50 percent.

Stage 2 · TAKEOVER
Token manager (0x3ac18563...bB7306): token holders may forward a vote creation; also holds mint authority over TOP.
Aragon voting app (0xb501d26b...ef6865): vote created, voted, executed in one tx; yes 8,192.000001 of 16,384, executed = true.
Enabler: Early execution nullifies the vote period. The 30 day vote time is no timelock; Aragon executes the instant yes passes half of total supply. [governance takeover]
Enabler: Atomic create, vote, and execute. Forwarding plus newVote with castVote and executesIfDecided collapse it into one transaction, no reaction window.

Stage 3 · MINT
10,000,000,000 TOP minted (0x0EBD5eC9...D3eDb6): vote action called mint to the exploit contract; supply 16,384 to over 10 billion, 600,000x.
Enabler: Uncapped self-mint authority. The DAO could mint its own token with no cap, turning a governance win into unlimited inflation. [missing control]

Stage 4 · DUMP
Balancer TOP/WETH pool (0x0fa3e014...327329): minted TOP sold back in across ~12 swaps; 944.24 WETH out, pool drained to zero.
Attacker wallet (0xff8eF7bC...b39Fa2): 944.24 WETH gross, less 662.86 WETH seed; net profit ~281 WETH, about $472K.
Enabler: No outflow protection on the exit venue. A liquid pool gave an instant market to convert minted TOP to WETH; Balancer itself was not the bug. [missing control]

Untouched

Safe. The Balancer protocol itself and other pools were not affected. The TOP/WETH pool was only the venue where the majority was bought and the minted tokens were sold.

Mechanism

The attacker bought a governance majority from the token's own pool for 662.86 WETH, then used Aragon early execution to pass and execute a mint vote in one transaction, minting 10 billion TOP and dumping it back for 944.24 WETH gross. Net of the seed, the real loss was about 281 WETH. The 30 day vote period gave no protection because a vote executes the moment yes votes pass half of total supply.

Source
blackhart.io/hacks/token-of-power-aragon-governance-takeover-mint
Verified on-chain: net ~281 WETH (~$472K); 944 WETH gross widely reported; ops funded via Tornado Cash
Full forensic detail

Step-by-step reconstruction, root cause, counterfactuals, remediation, and disclosure timeline.

Exploit anatomy

1. Token of Power is governed by an Aragon DAO that can mint TOP without limit through its token manager. The governance token had a total supply of only 16,384 TOP, and about 91 percent of it (14,910 TOP) sat in the project's Balancer pool as liquidity, so a governance majority was available to buy on the open market.
2. The attacker funded a wallet through Tornado Cash, deployed an exploit contract, and in a setup transaction swapped 662.86 WETH into the Balancer pool to buy 8,192.000001 TOP, just over half the supply. The extra fraction past 8,192 was deliberate, since the voting system requires strictly more than half.
3. One block later, in a single transaction, the exploit contract forwarded a vote-creation through the token manager, which token holders are permitted to do, and created a governance vote whose action was to mint TOP.
4. The same call cast the attacker's majority as a yes vote. Because the yes total already exceeded half of the entire supply, the outcome could no longer change, so the voting app executed the vote immediately rather than waiting out the thirty day vote period.
5. The executed vote called the token manager to mint 10,000,000,000 TOP to the exploit contract, raising the supply from 16,384 to over 10 billion.
6. The exploit contract sold the minted TOP back into the Balancer pool across about a dozen swaps, pulling out 944.24 WETH. Because 662.86 WETH of that was the attacker's own acquisition seed returning, the net theft, equal to the pool's real loss and the attacker's profit, was about 281 WETH, roughly 472 thousand dollars.

Root cause

The root cause is a token-weighted Aragon DAO that held uncapped authority to mint its own token, governed by a freely tradeable token whose majority was simply for sale. Total supply was only 16,384, and about 91 percent of it was held as liquidity in the project's own Balancer pool, so the attacker acquired a bare majority on the open market by swapping 662.86 WETH for 8,192.000001 TOP one block before the attack. There was no access-control exploit. The decisive and often misstated detail is the execution timing. The voting app's vote period was thirty days, which looks like a delay, but Aragon executes a vote the instant the yes votes alone exceed the required support of the total supply, because at that point the result is mathematically final. With just over half the supply the attacker's single yes vote met that condition immediately, so the thirty day period gave no protection at all. The on-chain vote record confirms this exactly: yes votes of 8,192.000001 against a total voting power of 16,384, zero no votes, and executed set to true, with an action script that calls the token manager to mint ten billion TOP to the attacker's contract. The combination that made this total rather than partial was a purchasable governance majority, uncapped minting, and execution that is atomic with the vote. On the economics, the widely reported 944.24 WETH is the gross amount pulled from the pool in the exploit, but 662.86 WETH of it was the attacker's own seed returning, so the pool's real loss and the attacker's profit were about 281 WETH. The Balancer pool was only the venue.

Prevention analysis

Similar incidents

Beanstalk (2022)

A governance proposal was passed by an attacker who acquired majority voting power, then executed to drain the protocol. Same class: token-weighted governance won outright and used against the treasury.

Tornado Cash governance (2023)

An attacker gained majority control of governance through a malicious proposal and seized control of the DAO. Same shape: majority of votes turned into full control of privileged actions.

Ankr (2022)

A privileged mint path with no cap was used to mint billions of tokens and dump them for value. Same impact mechanism: uncapped minting turned into an unlimited supply attack.

Remediation

1. Treat the TOP token as compromised. Its supply has been inflated past ten billion and the governance that controls it can be re-won by whoever holds a majority.
2. Liquidity providers should withdraw from the TOP/WETH pool. The pool is the exit venue for any further minted supply.
3. If the project continues, redeploy governance with a real execution timelock, a hard cap or removal of self-mint authority, a supermajority threshold, and a quorum that a single holder cannot meet alone.
4. Treat the attacker wallet and the Tornado-funded operating wallet as hostile and monitor for reuse against other low-supply DAO tokens, since this pattern generalizes to any Aragon DAO with uncapped mint and a cheaply acquirable majority.
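
The early-execution rule from the root cause and the governance settings in remediation step 3 can be checked against the report's own figures. The following is an added example, not Aragon's or the project's code: a simplified Python model in which the 18 token decimals, the fixed-point percentage scale, the 15 percent quorum and all function and variable names are assumptions.

```python
from dataclasses import dataclass

PCT_BASE = 10**18            # fixed-point scale for percentages (assumption)
WEI = 10**18                 # assumes TOP has 18 decimals
VOTE_TIME = 30 * 86_400      # thirty day vote period, in seconds

@dataclass
class Vote:
    yea: int                 # yes votes, in base units
    nay: int
    voting_power: int        # total supply at the vote snapshot
    support_pct: int         # required support, scaled by PCT_BASE
    quorum_pct: int          # minimum yes share of total supply
    vote_time: int           # vote period in seconds
    early_execution: bool = True

def exceeds_pct(value: int, total: int, pct: int) -> bool:
    """Strictly more than pct of total, using integer division."""
    return total > 0 and value * PCT_BASE // total > pct

def can_execute(v: Vote, elapsed: int) -> bool:
    """Model of the rule in the text; elapsed = seconds since the vote opened."""
    # Early path: yes votes alone beat the threshold against the whole
    # supply, so the result is final and the vote period is skipped.
    if v.early_execution and exceeds_pct(v.yea, v.voting_power, v.support_pct):
        return True
    if elapsed < v.vote_time:
        return False
    return (exceeds_pct(v.yea, v.yea + v.nay, v.support_pct)
            and exceeds_pct(v.yea, v.voting_power, v.quorum_pct))

def majority_buyable(pool_balance: int, supply: int, support_pct: int) -> bool:
    """True when tokens in one public pool are enough to decide a vote alone."""
    return exceeds_pct(pool_balance, supply, support_pct)

# Figures from the report; the 15% quorum is a hypothetical value.
SUPPLY = 16_384 * WEI
POOL = 14_910 * WEI
BOUGHT = 8_192 * WEI + 10**12            # 8,192.000001 TOP
HALF, TWO_THIRDS, QUORUM = PCT_BASE // 2, 2 * PCT_BASE // 3, 15 * PCT_BASE // 100
as_deployed = Vote(BOUGHT, 0, SUPPLY, HALF, QUORUM, VOTE_TIME)
exact_half = Vote(8_192 * WEI, 0, SUPPLY, HALF, QUORUM, VOTE_TIME)
no_early = Vote(BOUGHT, 0, SUPPLY, HALF, QUORUM, VOTE_TIME, early_execution=False)
supermajority = Vote(BOUGHT, 0, SUPPLY, TWO_THIRDS, QUORUM, VOTE_TIME)

if __name__ == "__main__":
    for name, v in [("as deployed", as_deployed), ("exactly half", exact_half),
                    ("no early execution", no_early), ("2/3 support", supermajority)]:
        print(f"{name:20} executes at t=0: {can_execute(v, 0)}")
    print("majority buyable from pool:", majority_buyable(POOL, SUPPLY, HALF))
```

In this model, disabling early execution only delays the same vote until the 30 days elapse, and a two-thirds threshold stops the instant execution but is still below the 14,910 of 16,384 TOP held in the pool. That is why the remediation step pairs the timelock and supermajority with a cap on, or removal of, self-mint authority.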

Timeline

2026-06-09: Attacker wallet funded through Tornado Cash (about 99.57 ETH from the 100 ETH pool plus several 10 ETH pool withdrawals).
2026-06-09: In a setup transaction the attacker deploys an exploit contract and swaps 662.86 WETH into the Balancer pool to buy 8,192.000001 TOP, a bare majority of the 16,384 supply (about 91 percent of which sat in the pool).
2026-06-09: One block later, in one transaction, the exploit contract creates, votes on, and early-executes a governance vote that mints 10,000,000,000 TOP to itself, then dumps it into the Balancer pool, pulling out 944.24 WETH gross, about 281 WETH net of the seed.
2026-06-09: Blockaid flags the incident as a governance takeover. Blackhart verifies the address-level facts on Ethereum, decodes the vote action script, traces the open-market acquisition, and confirms the early-execution mechanism and the net-versus-gross economics, then publishes this report.