Governance takeover mints 10B TOP, drains $1.58M liquidity
An address funded via Tornado Cash gained over 50% of Token of Power (TOP) votes, minted 10 billion TOP in a single proposal and swapped them for 944.2 WETH, removing about $1.58M from the TOP/WETH Balancer V1 pool.
Blockchain security teams reported on June 9, 2026 that an address funded through Tornado Cash seized control of Token of Power (TOP) governance, minted 10 billion new TOP tokens and drained liquidity from the TOP/WETH Balancer V1 pool. The attacker received 944.2 WETH in the swap, roughly $1.58 million at the time of the trades.
The exploit began with the attacker obtaining more than 50% of TOP voting power. The token had a total circulating supply of 16,384 TOP, and a single address was able to purchase a controlling stake. TOP used an Aragon DAO governance setup with the MiniMeToken standard and an Aragon TokenManager module for minting and token management.
In one atomic transaction the attacker created, voted on and executed a proposal. That execution triggered the TokenManager to mint 10 billion TOP directly to the attacker’s contract. The attacker then swapped the newly minted tokens in the TOP/WETH Balancer V1 pool, removing nearly all liquidity and receiving 944.2 WETH. Security teams reported that Balancer’s core protocol was not compromised and that the stolen funds were routed back through Tornado Cash, complicating recovery efforts.
BlockSec Phalcon reviewed the incident and urged immediate configuration checks for similar setups. BlockSec Phalcon warned: “Projects using similar Lido/Aragon governance implementations should carefully review their voting power distribution, quorum/pass thresholds, mint permissions, and related governance safeguards.”
Security analysts noted the takeover exploited governance and minting logic that allowed proposal creation, voting and execution without additional approval layers or timelocks. Because the attacker held a majority of voting tokens at proposal creation, no external votes were required to pass the measure.
The event follows multiple 2026 incidents in which low-cap DeFi tokens with limited liquidity and lax governance parameters were taken over by buyers able to amass controlling stakes. Security teams recommended that projects using similar stacks reassess quorum thresholds, introduce timelocks, limit minting permissions and seek audits or upgrades to governance modules.
Aragon is a framework for creating decentralized autonomous organizations. MiniMeToken is a token standard that supports voting snapshots. The TokenManager module handles token issuance and minting rights within Aragon DAOs. The technical details of the fall in liquidity and the routing of funds through Tornado Cash remain part of ongoing investigations.
Articles by this author
